Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistGitHub_MCVELIST:CVE-2023-41327
HistorySep 06, 2023 - 8:38 p.m.

CVE-2023-41327 Controlled SSRF through URL in the WireMock

2023-09-0620:38:45
CWE-918
GitHub_M
www.cve.org
3
cve-2023-41327; ssrf; wiremock; webhooks; http services; proxying; filtering; docker container; security vulnerabilty; upgrade; firewall rules

CVSS3

4.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first.

Until WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the proxy mode DID NOT work for Webhooks, so the users were potentially vulnerable regardless of the limitProxyTargets settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock’s instance. For example, If someone is running the WireMock docker Container inside a private cluster, they can trigger internal POST requests against unsecured APIs or even against secure ones by passing a token, discovered using another exploit, via authentication headers. This issue has been addressed in versions 2.35.1 and 3.0.3 of wiremock. Wiremock studio has been discontinued and will not see a fix. Users unable to upgrade should use external firewall rules to define the list of permitted destinations.

CNA Affected

[
  {
    "vendor": "wiremock",
    "product": "wiremock",
    "versions": [
      {
        "version": " org.wiremock:wiremock-webhooks-extension: >= 2.0.0, < 2.35.1",
        "status": "affected"
      },
      {
        "version": " org.wiremock:wiremock-webhooks-extension: >= 3.0.0, < 3.0.3",
        "status": "affected"
      },
      {
        "version": " wiremock-studio: All versions",
        "status": "affected"
      }
    ]
  }
]

Related

nvd 1
veracode 1
prion 1
cve 1
osv 3
vulnrichment 1
github 2
nvd
nvd
CVE-2023-41327
2023-09-06 21:15:14
veracode
veracode
Server Side Request Forgery (SSRF)
2023-09-08 11:53:29
prion
prion
Design/Logic Flaw
2023-09-06 21:15:00
cve
cve
CVE-2023-41327
2023-09-06 21:15:14
osv
osv
CVE-2023-41327
2023-09-06 21:15:14
WireMock Controlled Server Side Request Forgery vulnerability through URL
2023-09-06 20:51:42
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
2023-09-08 12:19:49
vulnrichment
vulnrichment
CVE-2023-41327 Controlled SSRF through URL in the WireMock
2023-09-06 20:38:45
github
github
WireMock Controlled Server Side Request Forgery vulnerability through URL
2023-09-06 20:51:42
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
2023-09-08 12:19:49

CVSS3

4.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON
Related for CVELIST:CVE-2023-41327
nvd1veracode1prion1cve1osv3vulnrichment1github2