Lucene search

K
githubGitHub Advisory DatabaseGHSA-583G-G682-CRXF
HistoryFeb 09, 2024 - 3:19 p.m.

Micronaut management endpoints vulnerable to drive-by localhost attack

2024-02-0915:19:15
CWE-15
CWE-610
CWE-664
GitHub Advisory Database
github.com
13
micronaut
management endpoints
drive-by attack
localhost
security vulnerability
development environment

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

Low

EPSS

0

Percentile

9.0%

Summary

Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought.

Details

A malicious/compromised website can make HTTP requests to localhost. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are “simple” and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered.

Impact

Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development.

Affected configurations

Vulners
Node
io.micronautmicronaut-http-server-tckRange<3.8.3
OR
io.micronautmicronaut-http-server-nettyRange<3.8.3
OR
io.micronautmicronaut-http-serverRange<3.8.3
VendorProductVersionCPE
io.micronautmicronaut-http-server-tck*cpe:2.3:a:io.micronaut:micronaut-http-server-tck:*:*:*:*:*:*:*:*
io.micronautmicronaut-http-server-netty*cpe:2.3:a:io.micronaut:micronaut-http-server-netty:*:*:*:*:*:*:*:*
io.micronautmicronaut-http-server*cpe:2.3:a:io.micronaut:micronaut-http-server:*:*:*:*:*:*:*:*

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

Low

EPSS

0

Percentile

9.0%