id: unauth-apache-kafka-ui info: name: Apache Kafka - Unauthorized UI Exposure author: theamanrawat severity: medium description: Unauthorized access to apache kakfa UI. reference: - https://www.acunetix.com/vulnerabilities/web/apache-kafka-unauthorized-access-vulnerability - https://github.com/provectus/kafka-ui metadata: max-request: 2 verified: true shodan-query: http.title:"UI for Apache Kafka" tags: misconfig,apache,kafka,unauth,exposure http: - method: GET path: - '{{BaseURL}}' - '{{BaseURL}}/ui/clusters/kafka-ui/brokers' stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - 'UI for Apache Kafka' - type: status status: - 200