CVE-2023-41327
Published 2023-09-06
Priority: P4 (28) · Severity: medium · CVSS 3.1 base score: 5.4
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS: 0.47% (37.1st percentile)
WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first.
Until WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the proxy mode DID NOT work for Webhooks, so users were potentially vulnerable regardless of the `limitProxyTargets` settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock's instance. For example, if someone is running the WireMock Docker container inside a private cluster, they can trigger internal POST requests against unsecured APIs or even against secured ones by passing a token, discovered using another exploit, via authentication headers. This issue has been addressed in versions 2.35.1 and 3.0.3 of WireMock. WireMock Studio has been discontinued and will not see a fix. Users unable to upgrade should use external firewall rules to define the list of permitted destinations.
Affected (7 ranges listed; three wiremock/wiremock entries carry no version data and are omitted below)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wiremock | studio | <= 2.32.0-17 | — (discontinued, no fix) |
| wiremock | wiremock | >= 0 < 2.6.1 | 2.6.1 |
| wiremock | wiremock | >= 2.0.0 < 2.35.1 | 2.35.1 |
| wiremock | wiremock | >= 3.0.0 < 3.0.3 | 3.0.3 |
OSV · 2023-09-08 · Related advisory CVE-2023-41329 [LOW]: Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
### Impact
The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in [Preventing proxying to and recording from specific target addresses](https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses). These restrictions can be configured using domain names, and in that case the configuration is vulnerable to DNS rebinding attacks. A similar patch was applied in WireMock 3.0.0-beta-15 for the WireMock Webhook Extensions.
The root cause of the attack is a defect in the logic which allows for a race condition triggered by a DNS server whose address expires in between the init
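The two advisories on this page describe the same defensive component from two angles: an outbound destination filter whose allow rules are evaluated before its deny rules, which must be consulted by every outbound path (proxy, recorder and webhooks alike, the point of CVE-2023-41327), and which must not re-resolve a hostname between the check and the connection (the rebinding race of CVE-2023-41329). The following Python sketch is an added illustration written for this page; it is not WireMock's implementation, and the rule syntax, class names and the constructed DNS data (`RebindingResolver`, the `example.com` hosts, the RFC 5737 addresses) are assumptions made for the example.

```python
"""Outbound destination filter: allow rules first, then deny rules, with the
checked IP pinned for the connection. Added illustration, not WireMock code."""
from __future__ import annotations

import fnmatch
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import urlsplit

# A resolver maps a hostname to the addresses it currently resolves to.
# Injected so the example runs offline against constructed DNS data.
Resolver = Callable[[str], list[str]]


def rule_matches(rule: str, host: str, ip) -> bool:
    """A rule is an IP network ("10.0.0.0/8") or a hostname glob ("*.internal").
    It matches when the network contains the resolved IP or the glob matches
    the hostname (compared case-insensitively)."""
    try:
        return ip in ipaddress.ip_network(rule, strict=False)
    except ValueError:  # not an IP/CIDR, so treat the rule as a hostname glob
        return fnmatch.fnmatchcase(host.lower(), rule.lower())


@dataclass(frozen=True)
class PinnedTarget:
    host: str  # hostname for the Host header / SNI
    ip: str    # the address that passed the check; connect to this, not to host
    port: int


class OutboundPolicy:
    """One policy object meant to be consulted by every outbound path (proxy,
    recorder, webhooks alike); a path that skips it is unfiltered."""

    def __init__(self, allowed: list[str], denied: list[str], resolver: Resolver):
        self.allowed = allowed
        self.denied = denied
        self.resolver = resolver

    def check(self, url: str) -> Optional[PinnedTarget]:
        """Resolve the hostname once and test every returned address.
        Allow list first: if any allow rule is configured, each address must
        match one. Deny list second: no address may match a deny rule.
        Returns the pinned target, or None when the destination is refused."""
        parts = urlsplit(url)
        host = parts.hostname
        if host is None:
            return None
        port = parts.port or (443 if parts.scheme == "https" else 80)
        try:
            addrs = [ipaddress.ip_address(a) for a in self.resolver(host)]
        except ValueError:
            return None  # resolver returned something that is not an IP
        if not addrs:
            return None
        for ip in addrs:
            if self.allowed and not any(rule_matches(r, host, ip) for r in self.allowed):
                return None
            if any(rule_matches(r, host, ip) for r in self.denied):
                return None
        # Pin the checked address: a second lookup at connect time could answer
        # with a different (e.g. internal) address, which is the rebinding race.
        return PinnedTarget(host=host, ip=str(addrs[0]), port=port)


class RebindingResolver:
    """Constructed DNS behaviour standing in for a record that changes between
    the check and the connect: first answer public, every later answer private."""

    def __init__(self) -> None:
        self.calls = 0

    def __call__(self, host: str) -> list[str]:
        self.calls += 1
        return ["203.0.113.10"] if self.calls == 1 else ["10.0.0.5"]


def connect_address_resolve_twice(policy: OutboundPolicy, url: str) -> Optional[str]:
    """The racy pattern: check by name, then look the name up again to connect."""
    if policy.check(url) is None:
        return None
    return policy.resolver(urlsplit(url).hostname)[0]


def connect_address_pinned(policy: OutboundPolicy, url: str) -> Optional[str]:
    """The hardened pattern: connect to the address that was actually checked."""
    target = policy.check(url)
    return None if target is None else target.ip


if __name__ == "__main__":
    static = {"api.example.com": ["198.51.100.7"], "db.internal": ["10.0.0.5"]}
    policy = OutboundPolicy(["*.example.com"], ["10.0.0.0/8", "127.0.0.0/8"],
                            lambda h: static.get(h, []))
    print(policy.check("https://api.example.com/hook"))  # pinned to 198.51.100.7
    print(policy.check("http://db.internal/"))            # None: not on the allow list
    url = "http://rebind.example.com/"
    print(connect_address_resolve_twice(OutboundPolicy([], ["10.0.0.0/8"], RebindingResolver()), url))
    print(connect_address_pinned(OutboundPolicy([], ["10.0.0.0/8"], RebindingResolver()), url))
```

The policy evaluates rules against both the hostname and every resolved address, so a host that matches an allow glob but resolves into a denied network is still refused. `connect_address_resolve_twice` shows why name-based filtering alone is insufficient: with a record that flips between lookups it passes the check on the public answer and then connects to the private one, while `connect_address_pinned` connects to the address that was checked. The external-firewall mitigation named in the advisory is the network-layer equivalent of the deny list here.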
GHSA · 2023-09-08 · Related advisory CVE-2023-41329 [LOW] CWE-290: Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes (same advisory text as the OSV entry above)
OSV · 2023-09-06 · CVE-2023-41327 [MEDIUM]: WireMock Controlled Server Side Request Forgery vulnerability through URL
### Impact
WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. [Documentation](https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses).
Until WireMock Webhooks Extension [3.0.0-beta-15](https://github.com/wiremock/wiremock/releases/tag/3.0.0-beta-15), the filtering of target addresses from the proxy mode DID NOT work for Webhooks, so the users were potentially vulnerable regardless of the `limitProxyTargets` settings.
Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock's instance.
GHSA · 2023-09-06 · CVE-2023-41327 [MEDIUM] CWE-918: WireMock Controlled Server Side Request Forgery vulnerability through URL (same advisory text as the OSV entry above)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
https://github.com/wiremock/wiremock/releases/tag/3.0.0-beta-15
https://github.com/wiremock/wiremock/security/advisories/GHSA-hq8w-9w8w-pmx7
https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses
Published 2023-09-06