.. / CVE-2023-25194

Exploit for Apache Druid Kafka Connect - Remote Code Execution (CVE-2023-25194)

Description:

The vulnerability has the potential to enable a remote attacker with authentication to run any code on the system. This is due to unsafe deserialization that occurs during the configuration of the connector through the Kafka Connect REST API

Nuclei Template

View the template here CVE-2023-25194.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-25194.yaml
Copy

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25194
https://nvd.nist.gov/vuln/detail/CVE-2023-25194
http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html
https://kafka.apache.org/cve-list
https://github.com/nbxiglk0/Note/blob/0ddc14ecd296df472726863aa5d1f0f29c8adcc4/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/Java/ApacheDruid/ApacheDruid%20Kafka-rce/ApacheDruid%20Kafka-rce.md#apachedruid-kafka-connect-rce