5.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-23639

CVE-2024-23639: Micronaut management endpoints vulnerable to drive-by localhost attack

Summary

Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought.

Details

A malicious/compromised website can make HTTP requests to localhost. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered.

Impact

Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-23639

CVE-2024-23639:

5.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
io.micronaut:micronaut-http-server	maven	< 3.8.3	3.8.3
io.micronaut:micronaut-http-server-netty	maven	< 3.8.3	3.8.3
io.micronaut:micronaut-http-server-tck	maven	< 3.8.3	3.8.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from insufficient validation of localhost/loopback addresses in CORS checks. The pre-patch code in CorsFilter.java used naive string matching that failed to: 1) Recognize 127.x.x.x IP addresses as local, 2) Properly validate() origin hostnames via URI parsing. The commit introduced isHostLocal() and isOriginLocal() to address these gaps by checking for multiple local patterns and using proper URI validation. The vulnerable functions directly implemented the flawed validation logic that allowed simple requests from external origins to target localhost endpoints.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-23639: Micronaut management endpoints vulnerable to drive-by localhost attack

Summary

Details

Impact

CVE-2024-23639:

5.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-23639: Micronaut management endpoints vulnerable to drive-by localhost attack

Summary

Details

Impact

5.1

5.1

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI