FKIE_CVE-2023-39967

Vulnerability from fkie_nvd - Published: 2023-09-06 21:15 - Updated: 2024-11-21 08:16
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives.
References
security-advisories@github.comhttps://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vcExploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vcExploit, Vendor Advisory
Impacted products
Vendor Product Version
wiremock studio *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wiremock:studio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94D6D047-97F7-4326-AAF8-09ACB980D549",
              "versionEndIncluding": "2.32.0-17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WireMock is a tool for mocking HTTP services. When certain request URLs like \u201c@127.0.0.1:1234\" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock\u2019s instance. There are 3 identified potential attack vectors: via \u201cTestRequester\u201d functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives."
    },
    {
      "lang": "es",
      "value": "WireMock es una herramienta para imitar servicios HTTP. Cuando ciertas URL de solicitud como \"@127.0.0.1:1234\" se utilizan en los campos de configuraci\u00f3n de WireMock Studio, la solicitud podr\u00eda reenviarse a un servicio arbitrario accesible desde la instancia de WireMock. Hay 3 posibles vectores de ataque identificados: a trav\u00e9s de la funcionalidad \"TestRequester\", webhooks y el modo proxy. Como podemos controlar el m\u00e9todo HTTP, los encabezados HTTP y los datos HTTP, permite enviar solicitudes con el nivel predeterminado de credenciales para la instancia de WireMock. El proveedor ha descontinuado el producto Wiremock Studio afectado y no habr\u00e1 ning\u00fan parche. Se recomienda buscar alternativas."
    }
  ],
  "id": "CVE-2023-39967",
  "lastModified": "2024-11-21T08:16:08.490",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-06T21:15:13.320",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.