Update CVE-2023-52251.yaml
parent
456ed4ec41
commit
55b1e930ef
|
@ -1,25 +1,32 @@
|
|||
id: CVE-2023-52251
|
||||
|
||||
info:
|
||||
name: kafka-ui - RCE
|
||||
name: Kafka UI 0.7.1 Command Injection
|
||||
author: yhy0
|
||||
severity: critical
|
||||
severity: high
|
||||
description: |
|
||||
Remote Code Execution vulnerability provectus/kafka-ui.
|
||||
remediation: |
|
||||
Do not expose to the Internet
|
||||
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
|
||||
reference:
|
||||
- https://github.com/BobTheShoplifter/CVE-2023-52251-POC
|
||||
- https://github.com/provectus/kafka-ui
|
||||
- http://packetstormsecurity.com/files/177214/Kafka-UI-0.7.1-Command-Injection.html
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2023-52251
|
||||
cwe-id: CWE-94
|
||||
epss-score: 0.02881
|
||||
epss-percentile: 0.90497
|
||||
cpe: cpe:2.3:a:provectus:ui:*:*:*:*:*:kafka:*:*
|
||||
metadata:
|
||||
max-request: 3
|
||||
fofa-query: icon_hash="-1477045616"
|
||||
verified: true
|
||||
tags: cve,cve2023,rce,kafka,kafka-ui
|
||||
max-request: 3
|
||||
vendor: provectus
|
||||
product: ui
|
||||
framework: kafka
|
||||
fofa-query: icon_hash="-1477045616"
|
||||
tags: packetstorm,cve,cve2023,rce,kafka,kafka-ui
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
|
Loading…
Reference in New Issue