
Exploit for CVE-2023-52251

## CVE-2023-52251-POC

There is a remote code execution vulnerability in provectus/kafka-ui. There is no patch as of writing this; the vendor has been notified by us and by the team over at VINCE, without any response. The report was sent to provectus on Sep 27, 2023, both via email and via GitHub security.

## Remediation

We suggest commenting out the entire Groovy filter function, or adding authentication as a minimum.

## Metadata

| Title | Value |
| --- | --- |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H |
| CVE ID | CVE-2023-52251 |
| CVE Description | provectus kafka-ui 4.0.0 and later was discovered to contain a remote command execution (RCE) vulnerability via the q parameter at /api/clusters/local/topics/{topic}/messages |
| CVSS Score | … |
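Until the filter can be disabled or put behind authentication, defenders will want to know whether the affected endpoint is being called with a `q` filter at all. The following is an added example, not code from the original post or from the kafka-ui project: it parses web-server access logs in the common "combined" format and returns every request to `/api/clusters/<cluster>/topics/<topic>/messages` that carries a `q` query parameter. It generalizes the path from the advisory, which names the `local` cluster, to any cluster name; the log lines, IP addresses and filter values are constructed for the example and the `served_only` helper is this example's own naming.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Apache/nginx "combined" format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Oct/2023:10:12:01 +0000] "GET /api/clusters/local/topics/orders/messages?limit=100 HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
10.0.0.9 - - [02/Oct/2023:10:12:07 +0000] "GET /api/clusters/local/topics/orders/messages?q=value.startsWith%28%22x%22%29&limit=10 HTTP/1.1" 200 3201 "-" "curl/8.1"
10.0.0.7 - - [02/Oct/2023:10:12:09 +0000] "GET /api/clusters/prod/topics/payments/messages?q=foo HTTP/1.1" 401 120 "-" "python-requests/2.31"
10.0.0.3 - - [02/Oct/2023:10:12:11 +0000] "GET /api/clusters/local/topics HTTP/1.1" 200 880 "-" "Mozilla/5.0"
garbage line that does not parse
"""

# Fields of one combined-format access-log line that we need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# The affected endpoint from the advisory, with the cluster name generalized
# (the advisory names the "local" cluster; assumption: other cluster names follow the same path shape).
MESSAGES_PATH = re.compile(
    r"^/api/clusters/(?P<cluster>[^/]+)/topics/(?P<topic>[^/]+)/messages/?$"
)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it is not a combined-format line."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_filter_requests(lines):
    """Return every request to the messages endpoint that carries a q parameter.

    Each hit records who asked, when, which cluster/topic, the HTTP status the
    server answered with, and the decoded filter text so an analyst can review it.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not treated as errors
        parts = urlsplit(rec["target"])
        pm = MESSAGES_PATH.match(parts.path)
        if pm is None:
            continue
        # keep_blank_values so an empty "q=" is still surfaced for review
        qs = parse_qs(parts.query, keep_blank_values=True)
        if "q" not in qs:
            continue
        hits.append({
            "ip": rec["ip"],
            "timestamp": rec["ts"],
            "cluster": pm["cluster"],
            "topic": pm["topic"],
            "status": int(rec["status"]),
            "q": qs["q"][0],
        })
    return hits


def served_only(hits):
    """Keep only hits the server answered with 2xx, i.e. the filter was accepted
    rather than rejected by an authentication or authorization check."""
    return [h for h in hits if 200 <= h["status"] < 300]


if __name__ == "__main__":
    found = find_filter_requests(SAMPLE_LOG.splitlines())
    for h in found:
        print(f'{h["timestamp"]} {h["ip"]} {h["cluster"]}/{h["topic"]} status={h["status"]} q={h["q"]!r}')
    print(f"{len(served_only(found))} of {len(found)} filter requests were served")
```

A 2xx answer to a request carrying `q` means the filter reached the application; after authentication is enforced, the same query should show those requests turning into 401/403 unless they come from an authenticated session, which makes this a quick way to confirm the remediation took effect.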
