Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01ODNnLWc2ODItY3J4Zs4AA5Lp

Micronaut management endpoints vulnerable to drive-by localhost attack

Summary

Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought.

Details

A malicious/compromised website can make HTTP requests to localhost. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered.

Impact

Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development.

Permalink: https://github.com/advisories/GHSA-583g-g682-crxf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01ODNnLWc2ODItY3J4Zs4AA5Lp
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 21 days ago
Updated: 21 days ago


CVSS Score: 5.1
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Identifiers: GHSA-583g-g682-crxf, CVE-2024-23639
References:

Affected Packages

maven:io.micronaut:micronaut-http-server-tck
Versions: < 3.8.3
Fixed in: 3.8.3
maven:io.micronaut:micronaut-http-server-netty
Versions: < 3.8.3
Fixed in: 3.8.3
maven:io.micronaut:micronaut-http-server
Versions: < 3.8.3
Fixed in: 3.8.3