CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
9.0%
Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought.
A malicious/compromised website can make HTTP requests to localhost
. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are “simple” and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered.
Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development.
Vendor | Product | Version | CPE |
---|---|---|---|
io.micronaut | micronaut-http-server-tck | * | cpe:2.3:a:io.micronaut:micronaut-http-server-tck:*:*:*:*:*:*:*:* |
io.micronaut | micronaut-http-server-netty | * | cpe:2.3:a:io.micronaut:micronaut-http-server-netty:*:*:*:*:*:*:*:* |
io.micronaut | micronaut-http-server | * | cpe:2.3:a:io.micronaut:micronaut-http-server:*:*:*:*:*:*:*:* |
developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests
github.com/advisories/GHSA-583g-g682-crxf
github.com/micronaut-projects/micronaut-core/commit/01adb21e57137caaf7004313d2055c5a78b1f47b
github.com/micronaut-projects/micronaut-core/pull/8642
github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf
nvd.nist.gov/vuln/detail/CVE-2024-23639