CVE-2021-32827

MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. An attacker that can trick a victim into visiting a malicious site while running MockServer locally, will be able to run arbitrary code on the MockServer machine. With an overly broad default CORS configuration MockServer allows any site to send cross-site requests. Additionally, MockServer allows you to create dynamic expectations using Javascript or Velocity templates. Both engines may allow an attacker to execute arbitrary code on-behalf of MockServer. By combining these two issues (Overly broad CORS configuration + Script injection), an attacker could serve a malicious page so that if a developer running MockServer visits it, they will get compromised. For more details including a PoC see the referenced GHSL-2021-059.

CVSS v3 9.6 CRITICAL
CVSS v2.0 6.8 MEDIUM

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://securitylab.github.com/advisories/GHSL-2021-059-mockserver/	Exploit Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mock-server:mockserver:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-08-16 21:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-32827

Mitre link : CVE-2021-32827

CVE.ORG link : CVE-2021-32827

JSON object : View

Products Affected

oracle

communications_cloud_native_core_policy

mock-server

mockserver

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2021-32827", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 1.6}]}, "published": "2021-08-16T21:15:08.373", "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2021-059-mockserver/", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. An attacker that can trick a victim into visiting a malicious site while running MockServer locally, will be able to run arbitrary code on the MockServer machine. With an overly broad default CORS configuration MockServer allows any site to send cross-site requests. Additionally, MockServer allows you to create dynamic expectations using Javascript or Velocity templates. Both engines may allow an attacker to execute arbitrary code on-behalf of MockServer. By combining these two issues (Overly broad CORS configuration + Script injection), an attacker could serve a malicious page so that if a developer running MockServer visits it, they will get compromised. For more details including a PoC see the referenced GHSL-2021-059."}, {"lang": "es", "value": "MockServer es un software de c\u00f3digo abierto que permite burlarse f\u00e1cilmente de cualquier sistema con el que se integre por medio de HTTP o HTTPS. Un atacante que pueda enga\u00f1ar a una v\u00edctima para que visite un sitio malicioso mientras ejecuta MockServer localmente, ser\u00e1 capaz de ejecutar c\u00f3digo arbitrario en la m\u00e1quina MockServer. Con una configuraci\u00f3n CORS demasiado amplia por defecto, MockServer permite que cualquier sitio env\u00ede peticiones de tipo cross-site. Adem\u00e1s, MockServer permite crear expectativas din\u00e1micas usando plantillas Javascript o Velocity. Ambos motores pueden permitir a un atacante ejecutar c\u00f3digo arbitrario en MockServer. Al Combinar estos dos problemas (configuraci\u00f3n de CORS demasiado amplia + inyecci\u00f3n de scripts), un atacante podr\u00eda servir una p\u00e1gina maliciosa de forma que si un desarrollador que ejecuta MockServer la visita, se ver\u00e1 comprometido. Para m\u00e1s detalles, incluyendo un PoC, consulte el referido GHSL-2021-059."}], "lastModified": "2022-07-02T18:21:03.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mock-server:mockserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10B2D3BA-12C1-4848-9A44-27FEBAFA48CA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}