cbcvebase.
CVE-2023-41327
published 2023-09-06

CVE-2023-41327: WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is…

PriorityP428medium5.4CVSS 3.1
AVAACLPRNUINSUCNILAL
EPSS
0.47%
37.1th percentile
WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the proxy mode DID NOT work for Webhooks, so the users were potentially vulnerable regardless of the `limitProxyTargets` settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock’s instance. For example, If someone is running the WireMock docker Container inside a private cluster, they can trigger internal POST requests against unsecured APIs or even against secure ones by passing a token, discovered using another exploit, via authentication headers. This issue has been addressed in versions 2.35.1 and 3.0.3 of wiremock. Wiremock studio has been discontinued and will not see a fix. Users unable to upgrade should use external firewall rules to define the list of permitted destinations.

Affected

7 ranges
VendorProductVersion rangeFixed in
wiremockstudio<= 2.32.0-17
wiremockwiremock
wiremockwiremock
wiremockwiremock
wiremockwiremock>= 0 < 2.6.12.6.1
wiremockwiremock>= 2.0.0 < 2.35.12.35.1
wiremockwiremock>= 3.0.0 < 3.0.33.0.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.