GitHub Advisory DatabaseGHSA-583G-G682-CRXFMicronaut management endpoints vulnerable to drive-by localhost attack
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Summary
Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought.
Details
A malicious/compromised website can make HTTP requests to localhost. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are “simple” and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered.
Impact
Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development.
Affected configurations
References
developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests
github.com/advisories/GHSA-583g-g682-crxf
github.com/micronaut-projects/micronaut-core/commit/01adb21e57137caaf7004313d2055c5a78b1f47b
github.com/micronaut-projects/micronaut-core/pull/8642
github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf
nvd.nist.gov/vuln/detail/CVE-2024-23639
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%