CVE-2023-39967 (GCVE-0-2023-39967)
Vulnerability from cvelistv5
Published: 2023-09-06 20:40
Modified: 2024-09-26 15:11
Severity: CRITICAL (CVSS v3.1 base score 10.0, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Summary
WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234” are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected WireMock Studio product and there will be no fix. Users are advised to find alternatives.
Impacted products
Vendor    Product    Version
wiremock  wiremock   All versions


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:18:10.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:wiremock:wiremock:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wiremock",
            "vendor": "wiremock",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39967",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T14:43:34.238733Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T15:11:42.697Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wiremock",
          "vendor": "wiremock",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "WireMock is a tool for mocking HTTP services. When certain request URLs like \u201c@127.0.0.1:1234\" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock\u2019s instance. There are 3 identified potential attack vectors: via \u201cTestRequester\u201d functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-06T20:40:43.679Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc"
        }
      ],
      "source": {
        "advisory": "GHSA-676j-xrv3-73vc",
        "discovery": "UNKNOWN"
      },
      "title": "Full read and controlled SSRF through URL parameter when testing a request inside wiremock-studio"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-39967",
    "datePublished": "2023-09-06T20:40:43.679Z",
    "dateReserved": "2023-08-07T16:27:27.077Z",
    "dateUpdated": "2024-09-26T15:11:42.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-39967\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-09-06T21:15:13.320\",\"lastModified\":\"2024-11-21T08:16:08.490\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WireMock is a tool for mocking HTTP services. When certain request URLs like \u201c@127.0.0.1:1234\\\" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock\u2019s instance. There are 3 identified potential attack vectors: via \u201cTestRequester\u201d functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives.\"},{\"lang\":\"es\",\"value\":\"WireMock es una herramienta para imitar servicios HTTP. Cuando ciertas URL de solicitud como \\\"@127.0.0.1:1234\\\" se utilizan en los campos de configuraci\u00f3n de WireMock Studio, la solicitud podr\u00eda reenviarse a un servicio arbitrario accesible desde la instancia de WireMock. Hay 3 posibles vectores de ataque identificados: a trav\u00e9s de la funcionalidad \\\"TestRequester\\\", webhooks y el modo proxy. Como podemos controlar el m\u00e9todo HTTP, los encabezados HTTP y los datos HTTP, permite enviar solicitudes con el nivel predeterminado de credenciales para la instancia de WireMock. El proveedor ha descontinuado el producto Wiremock Studio afectado y no habr\u00e1 ning\u00fan parche. Se recomienda buscar alternativas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wiremock:studio:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.32.0-17\",\"matchCriteriaId\":\"94D6D047-97F7-4326-AAF8-09ACB980D549\"}]}]}],\"references\":[{\"url\":\"https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc\", \"name\": \"https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T18:18:10.120Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-39967\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-26T14:43:34.238733Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:wiremock:wiremock:*:*:*:*:*:*:*:*\"], \"vendor\": \"wiremock\", \"product\": \"wiremock\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-26T15:11:33.924Z\"}}], \"cna\": {\"title\": \"Full read and controlled SSRF through URL parameter when testing a request inside wiremock-studio\", \"source\": {\"advisory\": \"GHSA-676j-xrv3-73vc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"wiremock\", \"product\": \"wiremock\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions\"}]}], \"references\": [{\"url\": \"https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc\", \"name\": \"https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"WireMock is a tool for mocking HTTP services. When certain request URLs like \\u201c@127.0.0.1:1234\\\" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock\\u2019s instance. There are 3 identified potential attack vectors: via \\u201cTestRequester\\u201d functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-09-06T20:40:43.679Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-39967\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-26T15:11:42.697Z\", \"dateReserved\": \"2023-08-07T16:27:27.077Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-09-06T20:40:43.679Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

