id: CVE-2023-1362 info: name: unilogies/bumsys < v2.0.2 - Clickjacking author: ctflearner severity: medium description: | This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2. remediation: | Upgrade to version 2.0.2 or later to mitigate the Clickjacking vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-1362 - https://huntr.dev/bounties/e5959166-c8ef-4ada-9bb1-0ff5a9693bac/ - https://github.com/unilogies/bumsys/commit/8c5b27d54707f9805b27ef26ad741f2801e30e1f classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-1362 cwe-id: CWE-1021 epss-score: 0.00071 epss-percentile: 0.29451 cpe: cpe:2.3:a:bumsys_project:bumsys:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: bumsys_project product: bumsys tags: cve,cve2023,bumsys,clickjacking,huntr http: - method: GET path: - "{{BaseURL}}" matchers: - type: dsl dsl: - "status_code_1 == 200" - "!regex('X-Frame-Options', header)" - "contains(body, 'BUMSys')" condition: and # digest: 4a0a0047304502206f59109346b3c3d2db6c44855f7012d78c655291b5381c1e68a4dbeb1e0a8651022100a28dacc154e6606d7bb3136e69de19f3c4836ec98e33ff30509edc8e2d66340a:922c64590222798bb761d5b6d8e72950