We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Apache RocketMQ 是一款开源的分布式消息系统。 受影响版本中存在敏感信息泄露漏洞,未经授权的用户可以在启用身份验证和授权功能的情况下获得敏感信息。拥有普通用户权限的攻击者可以通过特定接口窃取管理员账号和密码从而获得RocketMQ权限。 修复版本中,通过增加权限检查和验证,细化访问配置以修复漏洞。强烈建议将 RocketMQ ACL 升级为2.0。
The text was updated successfully, but these errors were encountered:
No branches or pull requests
漏洞描述:
Apache RocketMQ 是一款开源的分布式消息系统。
受影响版本中存在敏感信息泄露漏洞,未经授权的用户可以在启用身份验证和授权功能的情况下获得敏感信息。拥有普通用户权限的攻击者可以通过特定接口窃取管理员账号和密码从而获得RocketMQ权限。
修复版本中,通过增加权限检查和验证,细化访问配置以修复漏洞。强烈建议将 RocketMQ ACL 升级为2.0。
参考链接:
The text was updated successfully, but these errors were encountered: