2023-06-02 18:15:08 +00:00
id : CVE-2023-1362
info :
name : unilogies/bumsys < v2.0.2 - Clickjacking
author : ctflearner
severity : medium
description : |
This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.
2023-09-06 11:43:37 +00:00
remediation : |
Upgrade to version 2.0.2 or later to mitigate the Clickjacking vulnerability.
2023-06-02 18:18:50 +00:00
reference :
2023-06-02 18:15:08 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2023-1362
- https://huntr.dev/bounties/e5959166-c8ef-4ada-9bb1-0ff5a9693bac/
2023-07-11 19:49:27 +00:00
- https://github.com/unilogies/bumsys/commit/8c5b27d54707f9805b27ef26ad741f2801e30e1f
2023-06-02 18:15:08 +00:00
classification :
2023-06-02 18:18:50 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score : 6.1
cve-id : CVE-2023-1362
cwe-id : CWE-1021
2023-10-30 20:55:37 +00:00
epss-score : 0.00078
2023-11-06 12:42:20 +00:00
epss-percentile : 0.33085
2023-09-06 11:43:37 +00:00
cpe : cpe:2.3:a:bumsys_project:bumsys:*:*:*:*:*:*:*:*
2023-06-02 18:15:08 +00:00
metadata :
2023-06-04 08:13:42 +00:00
verified : true
2023-09-06 11:43:37 +00:00
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : bumsys_project
product : bumsys
2023-06-03 18:56:35 +00:00
tags : cve,cve2023,bumsys,clickjacking,huntr
2023-06-02 18:15:08 +00:00
http :
- method : GET
path :
- "{{BaseURL}}"
matchers :
- type : dsl
dsl :
- "status_code_1 == 200"
2023-06-19 21:10:30 +00:00
- "!regex('X-Frame-Options', header)"
2023-06-02 18:15:08 +00:00
- "contains(body, 'BUM</b>Sys</a>')"
condition : and
2023-11-06 12:53:56 +00:00
# digest: 4a0a004730450221009c4fac9904aed05ed5c8096c8e415a3cc4e7fe95f09fa199f8ffa6e94bc3365a0220531c861de93ba4b7592d20e32ba5ff5f00fa4d4ac8e49cfdbc3239f8419c1fc9:922c64590222798bb761d5b6d8e72950