nuclei-templates/http/misconfiguration/redpanda-console.yaml

id: redpanda-console

info:
  name: Redpanda Console - Exposure
  author: kh4sh3i
  severity: medium
  description: |
    Unauthorized access to the Redpanda Console could allow attackers to view or manipulate streaming data, monitor clusters, or access configuration information, leading to potential data leaks or service disruption.
  impact: |
    Exposing the Redpanda Console to the public can result in unauthorized access, leading to data leaks, misconfigurations, or even denial of service attacks on the streaming infrastructure.
  reference:
    - https://github.com/redpanda-data/console
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Redpanda Console"
  tags: misconfig,redpanda,console,streaming

http:
  - method: GET
    path:
      - "{{BaseURL}}/overview"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Redpanda Console"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ae47860f5521efa68bf5655aa88f7feffdf351b8963d7088dac1f30b7c8792ab022100ab0d0671ad863afaecc74c92785a11e41f7e5ffff234f7052360ac050af79611:922c64590222798bb761d5b6d8e72950
Update and rename redpanda-console-detection.yaml to http/misconfiguration/redpanda-console.yaml 2024-10-21 00:06:09 +00:00			`id: redpanda-console`

			`info:`
			`name: Redpanda Console - Exposure`
			`author: kh4sh3i`
			`severity: medium`
			`description: \|`
			`Unauthorized access to the Redpanda Console could allow attackers to view or manipulate streaming data, monitor clusters, or access configuration information, leading to potential data leaks or service disruption.`
			`impact: \|`
			`Exposing the Redpanda Console to the public can result in unauthorized access, leading to data leaks, misconfigurations, or even denial of service attacks on the streaming infrastructure.`
			`reference:`
			`- https://github.com/redpanda-data/console`
			`metadata:`
			`verified: true`
			`max-request: 1`
			`shodan-query: title:"Redpanda Console"`
			`tags: misconfig,redpanda,console,streaming`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/overview"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "Redpanda Console"`

			`- type: status`
			`status:`
			`- 200`
chore: sign templates 🤖 2024-10-24 09:08:06 +00:00			`# digest: 4b0a00483046022100ae47860f5521efa68bf5655aa88f7feffdf351b8963d7088dac1f30b7c8792ab022100ab0d0671ad863afaecc74c92785a11e41f7e5ffff234f7052360ac050af79611:922c64590222798bb761d5b6d8e72950`