- Description
- WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the proxy mode DID NOT work for Webhooks, so the users were potentially vulnerable regardless of the `limitProxyTargets` settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock’s instance. For example, If someone is running the WireMock docker Container inside a private cluster, they can trigger internal POST requests against unsecured APIs or even against secure ones by passing a token, discovered using another exploit, via authentication headers. This issue has been addressed in versions 2.35.1 and 3.0.3 of wiremock. Wiremock studio has been discontinued and will not see a fix. Users unable to upgrade should use external firewall rules to define the list of permitted destinations.
- Source
- security-advisories@github.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.5
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-918
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wiremock:studio:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94D6D047-97F7-4326-AAF8-09ACB980D549",
"versionEndIncluding": "2.32.0-17"
},
{
"criteria": "cpe:2.3:a:wiremock:wiremock:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "418B9CC0-59C9-4560-9E92-5C0B1D547916",
"versionEndExcluding": "2.35.1",
"versionStartIncluding": "2.0.0"
},
{
"criteria": "cpe:2.3:a:wiremock:wiremock:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E2F15FC-7298-49C1-9C37-6B0AE0C5B272",
"versionEndExcluding": "3.0.3",
"versionStartIncluding": "3.0.0"
}
],
"operator": "OR"
}
]
}
]