
CVE-2023-27162: OpenAPI Generator vulnerable to Server-Side Request Forgery

CVSS Score: 9.1 (CVSS v3.1)

Basic Information

EPSS Score: 0.28302%
Published: 3/31/2023
Updated: 4/7/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Package Name: org.openapitools:openapi-generator-project
Ecosystem: maven
Vulnerable Versions: <= 6.4.0
First Patched Version: (not listed on this page)

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability lies in the endpoints that accept a user-supplied URL from which to retrieve an OpenAPI specification. The handler functions for these endpoints (generateClient and generateServer) pass the 'openAPIUrl' parameter directly into an outbound HTTP request, with no check against an allowlist of permitted domains or IP ranges. This matches the SSRF behaviour described in CVE-2023-27162, where a crafted API request makes the server reach arbitrary network resources; because the fetch originates from the generator's own host, those resources include services on its internal network that the attacker cannot reach directly. The proof of concept demonstrates the SSRF via DNS callbacks: supplying an attacker-controlled URL causes the server to resolve and contact that host, which confirms the absence of input validation in these code paths.
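To make the root cause concrete, the following Java sketch is added here for illustration; it is not code from openapi-generator or from this page. It places the vulnerable pattern (a user-supplied URL handed straight to an HTTP client) beside a hardened fetch that enforces a scheme check, an optional host allowlist and a resolved-address check against internal ranges. The class, method and parameter names (SpecUrlFetcher, fetchUnsafe, fetchChecked, validate, isInternal, allowedHosts) and the sample URLs in main are hypothetical.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.Locale;
import java.util.Set;

// Added illustration only; not code from openapi-generator. All names are hypothetical.
public final class SpecUrlFetcher {

    // The pattern this page describes: the user-supplied openAPIUrl is handed
    // straight to an outbound HTTP request, so the caller picks the target.
    static String fetchUnsafe(String openAPIUrl) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(openAPIUrl)).GET().build();
        return HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString()).body();
    }

    // Hardened variant: the URL must pass validate(), and redirects are not
    // followed, since a redirect from a permitted host could re-target an internal one.
    static String fetchChecked(String openAPIUrl, Set<String> allowedHosts) throws Exception {
        URI uri = validate(openAPIUrl, allowedHosts);
        HttpClient client = HttpClient.newBuilder().followRedirects(HttpClient.Redirect.NEVER).build();
        HttpRequest req = HttpRequest.newBuilder(uri).GET().build();
        return client.send(req, HttpResponse.BodyHandlers.ofString()).body();
    }

    // Accepts only http(s) URLs whose host is allowlisted (when an allowlist is
    // given) and whose resolved addresses are all public. Throws otherwise.
    static URI validate(String raw, Set<String> allowedHosts)
            throws URISyntaxException, UnknownHostException {
        URI uri = new URI(raw);
        String scheme = uri.getScheme() == null ? "" : uri.getScheme().toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            throw new IllegalArgumentException("scheme not permitted: " + scheme);
        }
        String host = uri.getHost();
        if (host == null || uri.getRawUserInfo() != null) {
            throw new IllegalArgumentException("URL must have a plain host and no user-info");
        }
        // With a non-empty allowlist, attacker-controlled names are refused before any DNS lookup.
        if (!allowedHosts.isEmpty() && !allowedHosts.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("host not in allowlist: " + host);
        }
        // Resolve and check every address; a name that maps to an internal range is refused.
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            if (isInternal(addr)) {
                throw new IllegalArgumentException(host + " resolves to internal address "
                        + addr.getHostAddress());
            }
        }
        return uri;
    }

    // Loopback, unspecified, link-local (incl. 169.254.0.0/16), RFC 1918 site-local,
    // multicast, 100.64.0.0/10 (CGNAT) and fc00::/7 (IPv6 unique-local) count as internal.
    static boolean isInternal(InetAddress a) {
        if (a.isLoopbackAddress() || a.isAnyLocalAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress()) {
            return true;
        }
        byte[] b = a.getAddress();
        if (b.length == 4) {
            int first = b[0] & 0xff, second = b[1] & 0xff;
            return first == 100 && second >= 64 && second <= 127;
        }
        return (b[0] & 0xfe) == 0xfc;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; they are validated, never fetched. An empty
        // allowlist is used so that the address check, not the allowlist, does the work.
        String[] samples = {
            "http://127.0.0.1:8080/openapi.json",
            "http://169.254.169.254/latest/meta-data/",
            "http://[::1]/openapi.json",
            "file:///etc/passwd",
            "http://user@10.0.0.5/spec.yaml",
            "https://specs.example.com/petstore.yaml"
        };
        for (String s : samples) {
            try {
                validate(s, Set.of());
                System.out.println("accepted: " + s);
            } catch (Exception e) {
                System.out.println("rejected: " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The first five samples are rejected without any network access (literal internal addresses, a non-http scheme, embedded user-info); the last one is only accepted if the name actually resolves to a public address, so it is rejected on an offline machine. Two caveats a practitioner should keep in mind: validate() resolves the name once and the HTTP client resolves it again at connect time, so a DNS-rebinding attacker can pass the check unless the allowlist is used or the connection is pinned to the checked address; and disabling redirects matters because an allowlisted host that issues a 302 to an internal address would otherwise reintroduce the SSRF.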


WAF Protection Rules

WAF Rule

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component `/api/gen/clients/{language}`. This vulnerability allows attackers to access network resources and sensitive information via a crafted API
