PT-2023-6521 · Wiremock · Wiremock

Mahoney +2 · Published 2023-09-06 · Updated 2026-04-13 · CVE-2023-41327

CVSS v2.0: 4.8 (Medium)

Vector: AV:A/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

WireMock versions prior to 2.35.1
WireMock versions prior to 3.0.3

Description

The issue is related to insufficient checking of incoming requests in WireMock, a tool for mocking HTTP services. This can allow a remote attacker to redirect POST requests to arbitrary services. The filtering of target addresses from the proxy mode did not work for Webhooks until WireMock Webhooks Extension 3.0.0-beta-15, making users potentially vulnerable regardless of the limitProxyTargets settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock’s instance.

Recommendations

For versions prior to 2.35.1, update to version 2.35.1 or later. For versions prior to 3.0.3, update to version 3.0.3 or later. For users unable to upgrade, use external firewall rules to define the list of permitted destinations. As a temporary workaround, consider restricting access to the WireMock webhooks configuration to minimize the risk of exploitation. Avoid using the limitProxyTargets settings alone as a security measure, as they were not effective for Webhooks until WireMock Webhooks Extension 3.0.0-beta-15.
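
To back the permitted-destinations recommendation with a check on existing configuration, the following added example (not part of the advisory and not WireMock's own code) audits stub mappings for webhook targets outside an allowlist. It assumes the stub-mapping JSON layout with `postServeActions` or `serveEventListeners` entries named `webhook` carrying a `url` parameter; the allowlist, host names and sample mappings are constructed.

```python
import json
from urllib.parse import urlsplit

# Assumption: hosts this WireMock instance may call (constructed value).
ALLOWED_HOSTS = {"callbacks.example.internal"}

def webhook_urls(mapping):
    """Yield webhook target URLs from one stub mapping (2.x and 3.x key names)."""
    for key in ("postServeActions", "serveEventListeners"):
        actions = mapping.get(key) or []
        if isinstance(actions, dict):  # older object form: {"webhook": {params}}
            actions = [{"name": n, "parameters": p} for n, p in actions.items()]
        for action in actions:
            if action.get("name") == "webhook":
                yield (action.get("parameters") or {}).get("url")

def audit(mappings, allowed=ALLOWED_HOSTS):
    """Return (stub name, url, reason) for webhook targets outside the allowlist."""
    findings = []
    for m in mappings:
        label = m.get("name") or m.get("id") or "<unnamed>"
        for url in webhook_urls(m):
            if not url or "{{" in url:
                findings.append((label, url, "templated or missing URL"))
                continue
            # hostname drops userinfo and port, so "allowed@other-host" is judged by other-host
            host = (urlsplit(url).hostname or "").lower()
            if host not in allowed:
                findings.append((label, url, f"host {host!r} not in allowlist"))
    return findings

# Constructed sample in the shape of an exported {"mappings": [...]} document.
SAMPLE = json.loads(r"""
{"mappings": [
  {"name": "ok", "serveEventListeners": [{"name": "webhook", "parameters":
    {"method": "POST", "url": "https://callbacks.example.internal/done"}}]},
  {"name": "internal-call", "postServeActions": [{"name": "webhook", "parameters":
    {"method": "POST", "url": "http://10.0.0.5/hook"}}]},
  {"name": "templated", "postServeActions": {"webhook":
    {"method": "POST", "url": "{{jsonPath originalRequest.body '$.callbackUrl'}}"}}}
]}
""")

if __name__ == "__main__":
    for name, url, reason in audit(SAMPLE["mappings"]):
        print(f"{name}: {url} -> {reason}")
```

Templated URLs are reported rather than resolved, because their destination is only known when a request arrives; those stubs need the firewall rule or the upgrade to be constrained.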

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2023-07268
BIT-WIREMOCK-2023-41327
CVE-2023-41327
GHSA-HQ8W-9W8W-PMX7

Affected Products

Wiremock