42 lines
1.6 KiB
YAML
42 lines
1.6 KiB
YAML
id: CVE-2023-1362
|
|
|
|
info:
|
|
name: unilogies/bumsys < v2.0.2 - Clickjacking
|
|
author: ctflearner
|
|
severity: medium
|
|
description: |
|
|
This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.
|
|
remediation: |
|
|
Upgrade to version 2.0.2 or later to mitigate the Clickjacking vulnerability.
|
|
reference:
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-1362
|
|
- https://huntr.dev/bounties/e5959166-c8ef-4ada-9bb1-0ff5a9693bac/
|
|
- https://github.com/unilogies/bumsys/commit/8c5b27d54707f9805b27ef26ad741f2801e30e1f
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cve-id: CVE-2023-1362
|
|
cwe-id: CWE-1021
|
|
epss-score: 0.00078
|
|
epss-percentile: 0.32799
|
|
cpe: cpe:2.3:a:bumsys_project:bumsys:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: bumsys_project
|
|
product: bumsys
|
|
tags: cve,cve2023,bumsys,clickjacking,huntr,bumsys_project
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "status_code_1 == 200"
|
|
- "!regex('X-Frame-Options', header)"
|
|
- "contains(body, 'BUM</b>Sys</a>')"
|
|
condition: and
|
|
# digest: 4b0a00483046022100cbb7f03b82154ea5965f2776cf252a3a33f890de68c9017c47dad51efbf86e92022100c8484a37b46e5a84c7aba1e9cf0a18772b25108055bf69591eb512944278391f:922c64590222798bb761d5b6d8e72950 |