Create CVE-2023-1362.yaml

2023-06-02 23:45:08 +05:30 · 2023-06-02 23:45:08 +05:30 · dd68f47ae2
parent 7d7eb6cba9
commit dd68f47ae2
1 changed files with 34 additions and 0 deletions
--- a/http/cves/2023/CVE-2023-1362.yaml
+++ b/http/cves/2023/CVE-2023-1362.yaml
@ -0,0 +1,34 @@
+id: CVE-2023-1362
+
+info:
+  name: unilogies/bumsys < v2.0.2 - Clickjacking
+  author: ctflearner
+  severity: medium
+  description: |
+    This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.
+  reference: 
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-1362
+    - https://huntr.dev/bounties/e5959166-c8ef-4ada-9bb1-0ff5a9693bac/
+  classification:
+     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+     cvss-score: 6.1
+     cve-id: CVE-2023-1362
+     cwe-id: CWE-1021
+     cpe: cpe:2.3:a:bumsys_project:bumsys:*:*:*:*:*:*:*:*
+  metadata:
+    max-request: 2
+    verified: "true"
+  tags: cve,cve2023,bumsys,clickjacking
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "status_code_1 == 200"
+          - "!regex('X-Frame-Options', all_headers)"
+          - "contains(body, 'BUM</b>Sys</a>')"
+        condition: and