Headline

GHSA-583g-g682-crxf: Micronaut management endpoints vulnerable to drive-by localhost attack

Summary

Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought.

Details

A malicious/compromised website can make HTTP requests to localhost. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are “simple” and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered.

Impact

Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development.

7 months ago

ghsa

Open in Source

#vulnerability #web #git #java #maven

Package

maven io.micronaut:micronaut-http-server (Maven)

Affected versions

< 3.8.3

Patched versions

3.8.3

maven io.micronaut:micronaut-http-server-netty (Maven)

< 3.8.3

3.8.3

maven io.micronaut:micronaut-http-server-tck (Maven)

< 3.8.3

3.8.3

Description

Summary

Details

A malicious/compromised website can make HTTP requests to localhost. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are “simple” and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered.

Impact

References