Vulnerability description
Unauthorized access to the Redpanda Console could allow attackers to view or manipulate streaming data, monitor clusters, or access configuration information, leading to potential data leaks or service disruption.
id: redpanda-console
info:
  name: Redpanda Console - Exposure
  author: kh4sh3i
  severity: medium
  description: |
    Unauthorized access to the Redpanda Console could allow attackers to view or manipulate streaming data, monitor clusters, or access configuration information, leading to potential data leaks or service disruption.
  impact: |
    Exposing the Redpanda Console to the public can result in unauthorized access, leading to data leaks, misconfigurations, or even denial of service attacks on the streaming infrastructure.
  reference:
    - https://github.com/redpanda-data/console
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Redpanda Console"
  tags: misconfig,redpanda,console,streaming,vuln
http:
  - method: GET
    path:
      - "{{BaseURL}}/overview"
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Redpanda Console"
      - type: status
        status:
          - 200
# digest: 490a0046304402206a094103816ffb8689da80c22021ebf8174b5134bee55d6c2bebc31e134b5cd702207d54708388e86bc6706455fa0d180f5548aa1c9aee1aead8a219d43e2c3e8a6a:922c64590222798bb761d5b6d8e72950