kafka-api-cluster: Kafka Operation API - Cluster

漏洞描述

PoC代码[已公开]

id: kafka-api-cluster

info:
  name: Kafka Operation API - Cluster
  author: DhiyaneshDk
  severity: high
  description: |
    Kafka Operation API Cluster page was detected and appeared to be accessible without authentication.
  classification:
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 1
  tags: kafka,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/kafka/clusters"

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "bootstrap_servers", "brokers", "version")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022052318c69589728c90d128c66ffbb309a1999e1c2e3832d99eb5f082e9a404eb3022100cfe9f2dcdc29eff4d920d384b616b4a0593d413b9dee50f07fa28a4ed95cc160:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC cluster-trino-admin-login: Cluster Overview Trino - Admin Login
• POC postgresql-cluster-config: PostgreSQL Cluster - Configuration
• POC unauth-kafka-config-editor: Kafka Config Editor - Unauthenticated Access
• CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
• POC CVE-2020-11853: Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
• POC CVE-2020-21224: Inspur ClusterEngine 4.0 - Remote Code Execution
• POC CVE-2021-21975: vRealize Operations Manager API - Server-Side Request Forgery
• POC CVE-2021-22502: Micro Focus Operations Bridge Reporter - Remote Code Execution
• POC CVE-2021-43496: Clustering Local File Inclusion
• POC CVE-2023-20864: VMware Aria Operations for Logs - Unauthenticated Remote Code Execution
• POC CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
• POC CVE-2023-20889: VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability
• POC CVE-2023-25194: Apache Druid Kafka Connect - Remote Code Execution