{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39967", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-07T16:27:27.077Z", "datePublished": "2023-09-06T20:40:43.679Z", "dateUpdated": "2024-08-02T18:18:10.120Z"}, "containers": {"cna": {"title": "Full read and controlled SSRF through URL parameter when testing a request inside wiremock-studio", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc"}], "affected": [{"vendor": "wiremock", "product": "wiremock", "versions": [{"version": "All versions", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-06T20:40:43.679Z"}, "descriptions": [{"lang": "en", "value": "WireMock is a tool for mocking HTTP services. When certain request URLs like \u201c@127.0.0.1:1234\" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock\u2019s instance. There are 3 identified potential attack vectors: via \u201cTestRequester\u201d functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives."}], "source": {"advisory": "GHSA-676j-xrv3-73vc", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:18:10.120Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wiremock:studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "94D6D047-97F7-4326-AAF8-09ACB980D549", "versionEndIncluding": "2.32.0-17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WireMock is a tool for mocking HTTP services. When certain request URLs like \u201c@127.0.0.1:1234\" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock\u2019s instance. There are 3 identified potential attack vectors: via \u201cTestRequester\u201d functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives."}, {"lang": "es", "value": "WireMock es una herramienta para imitar servicios HTTP. Cuando ciertas URL de solicitud como \"@127.0.0.1:1234\" se utilizan en los campos de configuraci\u00f3n de WireMock Studio, la solicitud podr\u00eda reenviarse a un servicio arbitrario accesible desde la instancia de WireMock. Hay 3 posibles vectores de ataque identificados: a trav\u00e9s de la funcionalidad \"TestRequester\", webhooks y el modo proxy. Como podemos controlar el m\u00e9todo HTTP, los encabezados HTTP y los datos HTTP, permite enviar solicitudes con el nivel predeterminado de credenciales para la instancia de WireMock. El proveedor ha descontinuado el producto Wiremock Studio afectado y no habr\u00e1 ning\u00fan parche. Se recomienda buscar alternativas."}], "id": "CVE-2023-39967", "lastModified": "2023-09-13T12:42:37.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-09-06T21:15:13.320", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}