CVE-2023-39967

WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wiremock:studio:*:*:*:*:*:*:*:*

History

13 Sep 2023, 12:42

Type	Values Removed	Values Added
First Time		Wiremock Wiremock studio
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 10.0
CPE		cpe:2.3:a:wiremock:studio::::::::
References	~~(MISC) https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc -~~	(MISC) https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc - Exploit, Vendor Advisory

06 Sep 2023, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-06 21:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-39967

Mitre link : CVE-2023-39967

CVE.ORG link : CVE-2023-39967

JSON object : View

Products Affected

wiremock

studio

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2023-39967", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2023-09-06T21:15:13.320", "references": [{"url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "WireMock is a tool for mocking HTTP services. When certain request URLs like \u201c@127.0.0.1:1234\" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock\u2019s instance. There are 3 identified potential attack vectors: via \u201cTestRequester\u201d functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives."}, {"lang": "es", "value": "WireMock es una herramienta para imitar servicios HTTP. Cuando ciertas URL de solicitud como \"@127.0.0.1:1234\" se utilizan en los campos de configuraci\u00f3n de WireMock Studio, la solicitud podr\u00eda reenviarse a un servicio arbitrario accesible desde la instancia de WireMock. Hay 3 posibles vectores de ataque identificados: a trav\u00e9s de la funcionalidad \"TestRequester\", webhooks y el modo proxy. Como podemos controlar el m\u00e9todo HTTP, los encabezados HTTP y los datos HTTP, permite enviar solicitudes con el nivel predeterminado de credenciales para la instancia de WireMock. El proveedor ha descontinuado el producto Wiremock Studio afectado y no habr\u00e1 ning\u00fan parche. Se recomienda buscar alternativas."}], "lastModified": "2023-09-13T12:42:37.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wiremock:studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94D6D047-97F7-4326-AAF8-09ACB980D549", "versionEndIncluding": "2.32.0-17"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}