An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/177214/Kafka-UI-0.7.1-Command-Injection.html | |
| https://github.com/BobTheShoplifter/CVE-2023-52251-POC | Exploit Third Party Advisory |
| http://packetstormsecurity.com/files/177214/Kafka-UI-0.7.1-Command-Injection.html | |
| https://github.com/BobTheShoplifter/CVE-2023-52251-POC | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:39
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://packetstormsecurity.com/files/177214/Kafka-UI-0.7.1-Command-Injection.html - | |
| References | () https://github.com/BobTheShoplifter/CVE-2023-52251-POC - Exploit, Third Party Advisory |
29 Feb 2024, 01:42
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
31 Jan 2024, 23:25
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:provectus:ui:*:*:*:*:*:kafka:*:* | |
| References | () https://github.com/BobTheShoplifter/CVE-2023-52251-POC - Exploit, Third Party Advisory | |
| First Time |
Provectus ui
Provectus |
|
| CWE | CWE-94 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
25 Jan 2024, 21:52
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-01-25 21:15
Updated : 2024-11-21 08:39
NVD link : CVE-2023-52251
Mitre link : CVE-2023-52251
CVE.ORG link : CVE-2023-52251
JSON object : View
Products Affected
provectus
- ui
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')