CVE-2023-39967

Full read and controlled SSRF through URL parameter when testing a request inside wiremock-studio

Severity Score

10.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives.

WireMock es una herramienta para imitar servicios HTTP. Cuando ciertas URL de solicitud como "@127.0.0.1:1234" se utilizan en los campos de configuración de WireMock Studio, la solicitud podría reenviarse a un servicio arbitrario accesible desde la instancia de WireMock. Hay 3 posibles vectores de ataque identificados: a través de la funcionalidad "TestRequester", webhooks y el modo proxy. Como podemos controlar el método HTTP, los encabezados HTTP y los datos HTTP, permite enviar solicitudes con el nivel predeterminado de credenciales para la instancia de WireMock. El proveedor ha descontinuado el producto Wiremock Studio afectado y no habrá ningún parche. Se recomienda buscar alternativas.

*Credits: N/A

CVSS Scores

NISTv3.1 10.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-08-07 CVE Reserved
2023-09-06 CVE Published
2024-09-26 CVE Updated
2024-09-26 First Exploit
2024-10-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-918: Server-Side Request Forgery (SSRF)

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc	2024-09-26

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wiremock Search vendor "Wiremock"		Studio Search vendor "Wiremock" for product "Studio"				<= 2.32.0-17 Search vendor "Wiremock" for product "Studio" and version " <= 2.32.0-17"		-		Affected