CVE-2023-37582— Apache RocketMQ: Possible remote code execution when using the update configuration function
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-37582
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache RocketMQ: Possible remote code execution when using the update configuration function
Source: NVD (National Vulnerability Database)
Vulnerability Description
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache RocketMQ 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache RocketMQ是美国阿帕奇(Apache)基金会的一款轻量级的数据处理平台和消息传递引擎。 Apache RocketMQ 存在代码注入漏洞,该漏洞源于当NameServer地址在外网泄露且缺乏权限验证时,NameServer组件仍然存在远程命令执行漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache RocketMQ | 5.0.0 ~ 5.1.1 | - |
II. Public POCs for CVE-2023-37582
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Apache RocketMQ Arbitrary File Write Vulnerability Exploit | https://github.com/Malayke/CVE-2023-37582_EXPLOIT | POC Details |
| 2 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20RocketMQ%20NameServer%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%86%99%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2023-37582.md | POC Details |
| 3 | https://github.com/vulhub/vulhub/blob/master/rocketmq/CVE-2023-37582/README.md | POC Details | |
| 4 | None | https://github.com/laishouchao/Apache-RocketMQ-RCE-CVE-2023-37582-poc | POC Details |
| 5 | None | https://github.com/shoucheng3/apache__rocketmq_CVE-2023-37582_4-9-6 | POC Details |
| 6 | The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks. | https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2023/CVE-2023-37582.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-37582
请登录查看更多情报信息。
Same Patch Batch · Apache Software Foundation · 2023-07-12 · 13 CVEs total
| CVE-2023-30429 | 9.6 CRITICAL | Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication |
| CVE-2023-37579 | 8.2 HIGH | Apache Pulsar Function Worker: Incorrect Authorization for Function Worker Can Leak Sink/S |
| CVE-2023-30428 | 8.2 HIGH | Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer |
| CVE-2022-42009 | 8.0 HIGH | Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the c |
| CVE-2022-45855 | 8.0 HIGH | Apache Ambari: Allows authenticated metrics consumers to perform RCE |
| CVE-2023-31007 | Apache Pulsar: Broker does not always disconnect client when authentication data expires | |
| CVE-2023-32200 | Apache Jena: Exposure of execution in script engine expressions. | |
| CVE-2023-35908 | Apache Airflow: Access to DAGs without relevant permission | |
| CVE-2023-22887 | Apache Airflow path traversal by authenticated user | |
| CVE-2022-46651 | Apache Airflow: Security vulnerability on AirFlow Connections | |
| CVE-2023-36543 | Apache Airflow: ReDoS via dags function | |
| CVE-2023-22888 | Apache Airflow: Scheduler remote DoS |
IV. Related Vulnerabilities
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-94
- CVE-2021-47939
Evolution CMS 3.1.6 Authenticated Remote Code Execution via - CVE-2021-47938
ImpressCMS 1.4.2 Remote Code Execution via Autotasks - CVE-2021-47935
Sentry 8.2.0 Remote Code Execution via Pickle Deserializatio - CVE-2022-50944
Aero CMS 0.0.1 PHP Code Injection via posts.php - CVE-2026-8211
codelibs Fess JSP File AdminDesignAction.java update code in
V. Comments for CVE-2023-37582
No comments yet