nuclei-templates/http/cves/2023/CVE-2023-1362.yaml

id: CVE-2023-1362

info:
  name: unilogies/bumsys < v2.0.2 - Clickjacking
  author: ctflearner
  severity: medium
  description: |
    This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.
  remediation: |
    Upgrade to version 2.0.2 or later to mitigate the Clickjacking vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-1362
    - https://huntr.dev/bounties/e5959166-c8ef-4ada-9bb1-0ff5a9693bac/
    - https://github.com/unilogies/bumsys/commit/8c5b27d54707f9805b27ef26ad741f2801e30e1f
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-1362
    cwe-id: CWE-1021
    epss-score: 0.00071
    epss-percentile: 0.29371
    cpe: cpe:2.3:a:bumsys_project:bumsys:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: bumsys_project
    product: bumsys
  tags: cve,cve2023,bumsys,clickjacking,huntr

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == 200"
          - "!regex('X-Frame-Options', header)"
          - "contains(body, 'BUM</b>Sys</a>')"
        condition: and
Create CVE-2023-1362.yaml 2023-06-02 18:15:08 +00:00			`id: CVE-2023-1362`

			`info:`
			`name: unilogies/bumsys < v2.0.2 - Clickjacking`
			`author: ctflearner`
			`severity: medium`
			`description: \|`
			`This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`remediation: \|`
			`Upgrade to version 2.0.2 or later to mitigate the Clickjacking vulnerability.`
lint fix 2023-06-02 18:18:50 +00:00			`reference:`
Create CVE-2023-1362.yaml 2023-06-02 18:15:08 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2023-1362`
			`- https://huntr.dev/bounties/e5959166-c8ef-4ada-9bb1-0ff5a9693bac/`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`- https://github.com/unilogies/bumsys/commit/8c5b27d54707f9805b27ef26ad741f2801e30e1f`
Create CVE-2023-1362.yaml 2023-06-02 18:15:08 +00:00			`classification:`
lint fix 2023-06-02 18:18:50 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.1`
			`cve-id: CVE-2023-1362`
			`cwe-id: CWE-1021`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`epss-score: 0.00071`
TemplateMan Update [Mon Oct 16 10:55:13 UTC 2023] :robot: 2023-10-16 10:55:14 +00:00			`epss-percentile: 0.29371`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`cpe: cpe:2.3:a:bumsys_project:bumsys::::::::`
Create CVE-2023-1362.yaml 2023-06-02 18:15:08 +00:00			`metadata:`
boolean format update 2023-06-04 08:13:42 +00:00			`verified: true`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: bumsys_project`
			`product: bumsys`
Auto Generated CVE annotations [Sat Jun 3 18:56:35 UTC 2023] :robot: 2023-06-03 18:56:35 +00:00			`tags: cve,cve2023,bumsys,clickjacking,huntr`
Create CVE-2023-1362.yaml 2023-06-02 18:15:08 +00:00
			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}"`

			`matchers:`
			`- type: dsl`
			`dsl:`
			`- "status_code_1 == 200"`
removed deprecated header syntax with latest one 2023-06-19 21:10:30 +00:00			`- "!regex('X-Frame-Options', header)"`
Create CVE-2023-1362.yaml 2023-06-02 18:15:08 +00:00			`- "contains(body, 'BUM</b>Sys</a>')"`
			`condition: and`