CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
48.8%
This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.
id: CVE-2023-1362
info:
name: unilogies/bumsys < v2.0.2 - Clickjacking
author: ctflearner
severity: medium
description: |
This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.
impact: |
An attacker can trick users into performing unintended actions on the vulnerable application.
remediation: |
Upgrade to version 2.0.2 or later to mitigate the Clickjacking vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-1362
- https://huntr.dev/bounties/e5959166-c8ef-4ada-9bb1-0ff5a9693bac/
- https://github.com/unilogies/bumsys/commit/8c5b27d54707f9805b27ef26ad741f2801e30e1f
- https://github.com/ctflearner/ctflearner
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-1362
cwe-id: CWE-1021
epss-score: 0.00134
epss-percentile: 0.48533
cpe: cpe:2.3:a:bumsys_project:bumsys:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: bumsys_project
product: bumsys
tags: cve,cve2023,bumsys,clickjacking,huntr,bumsys_project
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- "status_code_1 == 200"
- "!regex('X-Frame-Options', header)"
- "contains(body, 'BUM</b>Sys</a>')"
condition: and
# digest: 4a0a004730450221008a79a4ec7e3c4d6be37f81281c4648dae38737c877092a9d257e5b92b0924c4c02200a020bcf923115f3cf0bf8cd32bfee8d459ab0cbef61231a5e381ba9cafca072:922c64590222798bb761d5b6d8e72950
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
48.8%