{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23639", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-19T00:18:53.233Z", "datePublished": "2024-02-09T00:15:34.496Z", "dateUpdated": "2024-08-01T23:06:25.336Z"}, "containers": {"cna": {"title": "micronaut-core management endpoints vulnerable to drive-by localhost attack", "problemTypes": [{"descriptions": [{"cweId": "CWE-15", "lang": "en", "description": "CWE-15: External Control of System or Configuration Setting", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-664", "lang": "en", "description": "CWE-664: Improper Control of a Resource Through its Lifetime", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-610", "lang": "en", "description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf"}, {"name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests", "tags": ["x_refsource_MISC"], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests"}], "affected": [{"vendor": "micronaut-projects", "product": "micronaut-core", "versions": [{"version": "< 3.8.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-09T00:15:34.496Z"}, "descriptions": [{"lang": "en", "value": "Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are \"simple\" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade."}], "source": {"advisory": "GHSA-583g-g682-crxf", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23639", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T15:05:36.495631Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:04.323Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.336Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf"}, {"name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf", "name": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests", "name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.336Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23639", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T15:05:36.495631Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:12.828Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "micronaut-core management endpoints vulnerable to drive-by localhost attack", "source": {"advisory": "GHSA-583g-g682-crxf", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "micronaut-projects", "product": "micronaut-core", "versions": [{"status": "affected", "version": "< 3.8.3"}]}], "references": [{"url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf", "name": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests", "name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are \"simple\" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-15", "description": "CWE-15: External Control of System or Configuration Setting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-664", "description": "CWE-664: Improper Control of a Resource Through its Lifetime"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-610", "description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-09T00:15:34.496Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23639", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:06:25.336Z", "dateReserved": "2024-01-19T00:18:53.233Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-02-09T00:15:34.496Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FE06CE0-3CED-4A8E-8B66-3773C15010BC", "versionEndExcluding": "3.8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are \"simple\" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade."}, {"lang": "es", "value": "Micronaut Framework es un framework Java moderno, de pila completa y basado en JVM, manipulado para crear aplicaciones JVM modulares y f\u00e1cilmente comprobables con soporte para Java, Kotlin y el lenguaje Groovy. Los endpoints de administraci\u00f3n habilitados pero no seguros son susceptibles a ataques de host local. Si bien no son t\u00edpicos de una aplicaci\u00f3n de producci\u00f3n, estos ataques pueden tener un mayor impacto en un entorno de desarrollo donde dichos endpoints pueden activarse sin pensarlo mucho. Un sitio web malicioso o comprometido puede realizar solicitudes HTTP a \"localhost\". Normalmente, dichas solicitudes desencadenar\u00edan una verificaci\u00f3n previa de CORS que impedir\u00eda la solicitud; sin embargo, algunas solicitudes son \"simples\" y no requieren una verificaci\u00f3n previa. Estos endpoints, si est\u00e1n habilitados y no protegidos, son vulnerables a ser activados. Los entornos de producci\u00f3n normalmente desactivan los endpoints no utilizados y protegen/restringen el acceso a los endpoints necesarios. Una v\u00edctima m\u00e1s probable es el desarrollador de su host de desarrollo local, que ha habilitado endpoints sin seguridad para facilitar el desarrollo. Este problema se solucion\u00f3 en la versi\u00f3n 3.8.3. Se recomienda a los usuarios que actualicen."}], "id": "CVE-2024-23639", "lastModified": "2024-11-21T08:58:03.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-09T01:15:09.867", "references": [{"source": "security-advisories@github.com", "tags": ["Not Applicable"], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-15"}, {"lang": "en", "value": "CWE-610"}, {"lang": "en", "value": "CWE-664"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}