CVE-2023-33246CISA KEV: Actively Exploited

Apache RocketMQ Command Execution Vulnerability

Published Sep 6, 2023·Updated Sep 6, 2023

Description

Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as or achieve the same effect by forging the RocketMQ protocol content.

Public Exploits & PoCs13 found

PoC: CVE-2023-33246

Apache RocketMQ 远程代码执行漏洞(CVE-2023-33246) Exploit

4

PoC: rocketMq_RCE

RocketMQ RCE (CVE-2023-33246) woodpecker 利用插件

3

PoC: CVE-2023-33246

Apache RocketMQ 远程代码执行漏洞(CVE-2023-33246) Exploit

3

PoC: fetch-broker-conf

A tool to fetch the RocketMQ broker configuration in order to discover indicators of compromise for CVE-2023-33246

1

PoC: CVE-2023-33246

Apache RocketMQ 漏洞利用工具

1

PoC: CVE-2023-33246

CVE-2023-33246

PoC: CVE-2023-33246

CVE-2023-33246 - Apache RocketMQ config RCE

PoC: CVE-2023-33246

CVE-2023-33246 POC

PoC: CVE-2023-33246-dgjfd

CVE-2023-33246

PoC: CVE-2023-33246

CVE-2023-33246

PoC: CVE-2023-33246-rnkku

Apache RocketMQ 漏洞利用工具

PoC: CVE-2023-33246

CVE-2023-33246:Apache RocketMQ 远程命令执行漏洞检测工具

PoC: CVE-2023-33246_RocketMQ_RCE_EXPLOIT

CVE-2023-33246 RocketMQ RCE Detect By Version and Exploit

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free