W0Rty

**Name of the Vulnerable Software and Affected Versions** WireMock Studio (affected versions not specified) **Description** WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock's instance. There are 3 identified potential attack vectors: via "TestRequester" functionality, webhooks, and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. The vendor has discontinued the affected WireMock Studio product and there will be no fix. Users are advised to find alternatives. As a temporary workaround, consider disabling the "TestRequester" functionality, webhooks, and the proxy mode to minimize the risk of exploitation. Restrict access to the WireMock Studio configuration fields to prevent unauthorized changes. Avoid using request URLs that could be forwarded to arbitrary services until an alternative solution is implemented.

**Name of the Vulnerable Software and Affected Versions** WireMock versions prior to 2.35.1 WireMock versions prior to 3.0.3 **Description** The issue is related to insufficient checking of incoming requests in WireMock, a tool for mocking HTTP services. This can allow a remote attacker to redirect POST requests to arbitrary services. The filtering of target addresses from the proxy mode did not work for Webhooks until WireMock Webhooks Extension 3.0.0-beta-15, making users potentially vulnerable regardless of the `limitProxyTargets` settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock’s instance. **Recommendations** For versions prior to 2.35.1, update to version 2.35.1 or later. For versions prior to 3.0.3, update to version 3.0.3 or later. For users unable to upgrade, use external firewall rules to define the list of permitted destinations. As a temporary workaround, consider restricting access to the WireMock webhooks configuration to minimize the risk of exploitation. Avoid using the `limitProxyTargets` settings alone as a security measure, as they were not effective for Webhooks until WireMock Webhooks Extension 3.0.0-beta-15.

**Name of the Vulnerable Software and Affected Versions** WireMock versions prior to 2.35.1 WireMock versions prior to 3.0.3 Python WireMock versions prior to 2.6.1 WireMock Studio (all versions) **Description** The issue is related to the proxy mode of WireMock, which can be protected by network restrictions configuration. However, when these restrictions are configured using domain names, the configuration is vulnerable to DNS rebinding attacks. The root cause of the attack is a defect in the logic that allows for a race condition triggered by a DNS server whose address expires between the initial validation and the outbound network request. Control over a DNS service is required to exploit this attack, resulting in high execution complexity and limited impact. **Recommendations** For WireMock versions prior to 2.35.1: Upgrade to version 2.35.1 or later, or configure WireMock to use IP addresses instead of domain names, or use external firewall rules to define the list of permitted destinations. For WireMock versions prior to 3.0.3: Upgrade to version 3.0.3 or later, or configure WireMock to use IP addresses instead of domain names, or use external firewall rules to define the list of permitted destinations. For Python WireMock versions prior to 2.6.1: Upgrade to version 2.6.1 or later. For WireMock Studio: Switch to another distribution, as there will be no fix provided, and consider migrating to WireMock Cloud.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.4 **Description** The issue is related to the lack of proper sanitization of external links, which can be used for a Cross-Site Scripting (XSS) attack. This allows a remote attacker to exploit the vulnerability. **Recommendations** For versions prior to 10.0.4, upgrade to GLPI 10.0.4 to resolve the issue. At the moment, there is no information about other workarounds for this issue.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.4 **Description** The issue is related to the usage of RSS feeds or an external calendar in planning, which is subject to a Server-Side Request Forgery (SSRF) exploit. If a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by the administrator. This could allow a remote attacker to redirect users to an arbitrary URL. **Recommendations** For versions prior to 10.0.4, upgrade to version 10.0.4 to resolve the issue. As a temporary workaround, consider disabling the usage of RSS feeds or external calendars in planning until the patch is applied. Restrict access to the planning feature to minimize the risk of exploitation.