CVE-2023-52251

Name of the Vulnerable Software and Affected Versions provectus kafka-ui versions 0.4.0 through 0.7.1

Description The issue is related to incorrect code generation management in the web interface for managing Apache Kafka clusters, kafka-ui. Exploitation of this issue may allow a remote attacker to execute arbitrary code by sending a specially crafted request to the "/api/clusters/local/topics/{topic}/messages" endpoint, specifically via the q parameter.

Recommendations For provectus kafka-ui versions 0.4.0 through 0.7.1, consider disabling access to the "/api/clusters/local/topics/{topic}/messages" endpoint until a patch is available. Restrict the use of the q parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.