Vulnerabilities related to geoserver - geoserver
Vulnerability from fkie_nvd
Published
2024-03-20 18:15
Modified
2024-12-17 20:13
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "73E1A204-C95D-4B7B-8C8A-E5639834BB97", "versionEndExcluding": "2.23.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:2.24.0:-:*:*:*:*:*:*", "matchCriteriaId": "3EB58700-BA62-496A-BA24-5A08942C1BD3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user\u0027s browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users\u0027 ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue." }, { "lang": "es", "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en versiones anteriores a la 2.23.4 y 2.24.1 que permite a un administrador autenticado con privilegios a nivel de espacio de trabajo almacenar un payload de JavaScript en el cat\u00e1logo de GeoServer que se ejecutar\u00e1 en el contexto de la cuenta de otro usuario. navegador cuando se ve en el formato de salida WMS GetMap SVG cuando el renderizador SVG simple est\u00e1 habilitado. 
El acceso al formato WMS SVG est\u00e1 disponible para todos los usuarios de forma predeterminada, aunque la seguridad de los datos y del servicio puede limitar la capacidad de los usuarios para activar el XSS. Las versiones 2.23.4 y 2.24.1 contienen una soluci\u00f3n para este problema." } ], "id": "CVE-2024-23642", "lastModified": "2024-12-17T20:13:55.030", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-20T18:15:08.590", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7173" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": 
"https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11152" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-06-12 15:15
Modified
2024-11-21 08:07
Severity ?
Summary
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1D34052-AC8F-45BB-AFEE-4881BE46CD74", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version." } ], "id": "CVE-2023-35042", "lastModified": "2024-11-21T08:07:52.300", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-12T15:15:09.820", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://docs.geoserver.org/stable/en/user/services/wps/operations.html#execute" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://isc.sans.edu/diary/29936" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://docs.geoserver.org/stable/en/user/services/wps/operations.html#execute" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://isc.sans.edu/diary/29936" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-20 15:15
Modified
2024-12-18 21:58
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Coverage stores that are configured using relative paths use a GeoServer Resource implementation that has validation to prevent path traversal but coverage stores that are configured using absolute paths use a different Resource implementation that does not prevent path traversal. This vulnerability can lead to executing arbitrary code. An administrator with limited privileges could also potentially exploit this to overwrite GeoServer security files and obtain full administrator privileges. Versions 2.23.4 and 2.24.1 contain a fix for this issue.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "73E1A204-C95D-4B7B-8C8A-E5639834BB97", "versionEndExcluding": "2.23.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:2.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE2AC1E3-918D-4078-9306-52512A7BE8A7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Coverage stores that are configured using relative paths use a GeoServer Resource implementation that has validation to prevent path traversal but coverage stores that are configured using absolute paths use a different Resource implementation that does not prevent path traversal. This vulnerability can lead to executing arbitrary code. An administrator with limited privileges could also potentially exploit this to overwrite GeoServer security files and obtain full administrator privileges. Versions 2.23.4 and 2.24.1 contain a fix for this issue." }, { "lang": "es", "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. 
Existe una vulnerabilidad de carga de archivos arbitrarios en versiones anteriores a 2.23.4 y 2.24.1 que permite a un administrador autenticado con permisos para modificar almacenes de cobertura a trav\u00e9s de la API de almac\u00e9n de cobertura REST cargar contenidos de archivos arbitrarios en ubicaciones de archivos arbitrarias, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo. Los almacenes de cobertura que se configuran mediante rutas relativas utilizan una implementaci\u00f3n de recursos de GeoServer que tiene validaci\u00f3n para evitar el path traversal, pero los almacenes de cobertura que se configuran mediante rutas absolutas utilizan una implementaci\u00f3n de recursos diferente que no evita el path traversal. Esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un administrador con privilegios limitados tambi\u00e9n podr\u00eda aprovechar esto para sobrescribir los archivos de seguridad de GeoServer y obtener privilegios de administrador completos. Las versiones 2.23.4 y 2.24.1 contienen una soluci\u00f3n para este problema." 
} ], "id": "CVE-2023-51444", "lastModified": "2024-12-18T21:58:24.790", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-20T15:15:07.700", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7222" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11176" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-434" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-20 18:15
Modified
2024-12-17 20:13
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "73E1A204-C95D-4B7B-8C8A-E5639834BB97", "versionEndExcluding": "2.23.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:2.24.0:-:*:*:*:*:*:*", "matchCriteriaId": "3EB58700-BA62-496A-BA24-5A08942C1BD3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user\u0027s browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is available to all users although data security may limit users\u0027 ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue." }, { "lang": "es", "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en versiones anteriores a la 2.23.4 y 2.24.1 que permite a un administrador autenticado con privilegios a nivel de espacio de trabajo almacenar un payload de JavaScript en el cat\u00e1logo de GeoServer que se ejecutar\u00e1 en el contexto de la cuenta de otro usuario. navegador cuando se ve en la p\u00e1gina HTML de MapML. La extensi\u00f3n MapML debe estar instalada y el acceso a la p\u00e1gina HTML de MapML est\u00e1 disponible para todos los usuarios, aunque la seguridad de los datos puede limitar la capacidad de los usuarios para activar el XSS. 
Las versiones 2.23.4 y 2.24.1 contienen un parche para este problema." } ], "id": "CVE-2024-23819", "lastModified": "2024-12-17T20:13:05.990", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-20T18:15:09.970", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7175" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11154" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11154" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-20 16:15
Modified
2024-12-18 21:56
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST Resources API. Access to the REST Resources API is limited to full administrators by default and granting non-administrators access to this endpoint should be carefully considered as it may allow access to files containing sensitive information. Versions 2.23.3 and 2.24.0 contain a patch for this issue.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "76D6CFB3-1A7B-4436-B927-6455629A0062", "versionEndExcluding": "2.23.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator\u0027s browser when viewed in the REST Resources API. Access to the REST Resources API is limited to full administrators by default and granting non-administrators access to this endpoint should be carefully considered as it may allow access to files containing sensitive information. Versions 2.23.3 and 2.24.0 contain a patch for this issue." }, { "lang": "es", "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Existe una vulnerabilidad de Cross Site Scripting (XSS) almacenado en versiones anteriores a 2.23.3 y 2.24.0 que permite a un administrador autenticado con privilegios a nivel de espacio de trabajo almacenar un payload de JavaScript en recursos de estilo/leyenda cargados que se ejecutar\u00e1n en el contexto del navegador de otro administrador cuando se visualicen en la API de recursos REST. El acceso a la API de recursos REST est\u00e1 limitado a administradores completos de forma predeterminada y se debe considerar cuidadosamente la concesi\u00f3n de acceso a este endpoint a personas que no sean administradores, ya que puede permitir el acceso a archivos que contienen informaci\u00f3n confidencial. 
Las versiones 2.23.3 y 2.24.0 contienen un parche para este problema." } ], "id": "CVE-2023-51445", "lastModified": "2024-12-18T21:56:24.053", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-20T16:15:07.640", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7161" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11148" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-01 15:15
Modified
2024-11-21 09:19
Severity ?
4.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API list all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as database passwords or API keys/tokens. Additionally, many community-developed GeoServer container images `export` other credentials from their start-up scripts as environment variables to the GeoServer (`java`) process. The precise scope of the issue depends on which container image is used and how it is configured.
The `about status` API endpoint which powers the Server Status page is only available to administrators. Depending on the operating environment, administrators might have legitimate access to credentials in other ways, but this issue defeats more sophisticated controls (like break-glass access to secrets or role accounts). By default, GeoServer only allows same-origin authenticated API access. This limits the scope for a third-party attacker to use an administrator’s credentials to gain access to credentials. The researchers who found the vulnerability were unable to determine any other conditions under which the GeoServer REST API may be available more broadly.
Users should update container images to use GeoServer 2.24.4 or 2.25.1 to get the bug fix. As a workaround, leave environment variables and Java system properties hidden by default. Those who provide the option to re-enable it should communicate the impact and risks so that users can make an informed choice.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "779270D7-89BA-47CA-A5E5-4539668BC18E", "versionEndExcluding": "2.24.4", "versionStartIncluding": "2.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F63F5E42-FB6D-4264-BF8A-17DEB863054C", "versionEndExcluding": "2.25.1", "versionStartIncluding": "2.25.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer\u0027s Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules\u0027 status message. These variables/properties can also contain sensitive information, such as database passwords or API keys/tokens. Additionally, many community-developed GeoServer container images `export` other credentials from their start-up scripts as environment variables to the GeoServer (`java`) process. The precise scope of the issue depends on which container image is used and how it is configured.\n\nThe `about status` API endpoint which powers the Server Status page is only available to administrators.Depending on the operating environment, administrators might have legitimate access to credentials in other ways, but this issue defeats more sophisticated controls (like break-glass access to secrets or role accounts).By default, GeoServer only allows same-origin authenticated API access. This limits the scope for a third-party attacker to use an administrator\u2019s credentials to gain access to credentials. 
The researchers who found the vulnerability were unable to determine any other conditions under which the GeoServer REST API may be available more broadly.\n\nUsers should update container images to use GeoServer 2.24.4 or 2.25.1 to get the bug fix. As a workaround, leave environment variables and Java system properties hidden by default. Those who provide the option to re-enable it should communicate the impact and risks so that users can make an informed choice." }, { "lang": "es", "value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. A partir de la versi\u00f3n 2.10.0 y antes de las versiones 2.24.4 y 2.25.1, la p\u00e1gina Estado del servidor de GeoServer y la API REST enumeran todas las variables de entorno y propiedades de Java para cualquier usuario de GeoServer con derechos administrativos como parte del mensaje de estado de esos m\u00f3dulos. Estas variables/propiedades tambi\u00e9n pueden contener informaci\u00f3n confidencial, como contrase\u00f1as de bases de datos o keys/tokens API. Adem\u00e1s, muchas im\u00e1genes de contenedores de GeoServer desarrolladas por la comunidad \"exportan\" otras credenciales desde sus scripts de inicio como variables de entorno al proceso de GeoServer (\"java\"). El alcance preciso del problema depende de qu\u00e9 imagen de contenedor se utiliza y c\u00f3mo est\u00e1 configurada. El endpoint API \"acerca del estado\" que impulsa la p\u00e1gina Estado del servidor solo est\u00e1 disponible para los administradores. Dependiendo del entorno operativo, los administradores pueden tener acceso leg\u00edtimo a las credenciales de otras maneras, pero este problema anula controles m\u00e1s sofisticados (como el acceso sin barreras a secretos o cuentas de rol). De forma predeterminada, GeoServer solo permite el acceso API autenticado del mismo origen. 
Esto limita las posibilidades de que un atacante externo utilice las credenciales de un administrador para obtener acceso a las credenciales. Los investigadores que encontraron la vulnerabilidad no pudieron determinar otras condiciones bajo las cuales la API REST de GeoServer pueda estar disponible de manera m\u00e1s amplia. Los usuarios deben actualizar las im\u00e1genes del contenedor para usar GeoServer 2.24.4 o 2.25.1 para corregir el error. Como workaround, deje las variables de entorno y las propiedades del sistema Java ocultas de forma predeterminada. Quienes brinden la opci\u00f3n de volver a habilitarlo deben comunicar el impacto y los riesgos para que los usuarios puedan tomar una decisi\u00f3n informada." } ], "id": "CVE-2024-34696", "lastModified": "2024-11-21T09:19:13.003", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-01T15:15:16.907", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": 
"https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-01 14:15
Modified
2024-12-18 22:08
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed on the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer is also deployed as a web archive using the data directory embedded in the `geoserver.war` file (rather than an external data directory), it will likely be possible to read specific resources to gain administrator privileges. However, it is very unlikely that production environments will be using the embedded data directory: depending on how GeoServer is deployed, it will be erased and re-installed (which would also reset to the default password) either every time the server restarts or every time a new GeoServer WAR is installed, and it is therefore difficult to maintain. An external data directory will always be used if GeoServer is running in standalone mode (via an installer or a binary). Versions 2.23.5 and 2.24.3 contain a patch for the issue. Some workarounds are available. One may change from a Windows environment to a Linux environment, or change from Apache Tomcat to the Jetty application server. One may also disable anonymous access to the embedded GeoWebCache administration and status pages.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F61A1B3A-DDBD-43E0-8475-BA567DD3528E", "versionEndExcluding": "2.23.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "439481B7-67BD-4B52-AF19-FC54302116AF", "versionEndExcluding": "2.24.3", "versionStartIncluding": "2.24.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer is also deployed as a web archive using the data directory embedded in the `geoserver.war` file (rather than an external data directory), it will likely be possible to read specific resources to gain administrator privileges. However, it is very unlikely that production environments will be using the embedded data directory since, depending on how GeoServer is deployed, it will be erased and re-installed (which would also reset to the default password) either every time the server restarts or every time a new GeoServer WAR is installed and is therefore difficult to maintain. An external data directory will always be used if GeoServer is running in standalone mode (via an installer or a binary). Versions 2.23.5 and 2.24.3 contain a patch for the issue. Some workarounds are available. 
One may change from a Windows environment to a Linux environment; or change from Apache Tomcat to Jetty application server. One may also disable anonymous access to the embeded GeoWebCache administration and status pages." }, { "lang": "es", "value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. Antes de las versiones 2.23.5 y 2.24.3, si GeoServer se implementa en el sistema operativo Windows utilizando un servidor de aplicaciones web Apache Tomcat, es posible omitir la validaci\u00f3n de entrada existente en la clase GeoWebCache ByteStreamController y leer recursos de classpath arbitrarios con un nombre de archivo espec\u00edfico. extensiones. Si GeoServer tambi\u00e9n se implementa como un archivo web utilizando el directorio de datos integrado en el archivo `geoserver.war` (en lugar de un directorio de datos externo), probablemente ser\u00e1 posible leer recursos espec\u00edficos para obtener privilegios de administrador. Sin embargo, es muy poco probable que los entornos de producci\u00f3n utilicen el directorio de datos integrado ya que, dependiendo de c\u00f3mo se implemente GeoServer, se borrar\u00e1 y se reinstalar\u00e1 (lo que tambi\u00e9n restablecer\u00eda la contrase\u00f1a predeterminada) cada vez que se reinicie el servidor o cada vez que se instala un nuevo GeoServer WAR y por lo tanto es dif\u00edcil de mantener. Siempre se utilizar\u00e1 un directorio de datos externo si GeoServer se ejecuta en modo independiente (a trav\u00e9s de un instalador o un binario). Las versiones 2.23.5 y 2.24.3 contienen un parche para el problema. Algunas soluciones est\u00e1n disponibles. Se puede cambiar de un entorno Windows a un entorno Linux; o cambiar de Apache Tomcat al servidor de aplicaciones Jetty. Tambi\u00e9n se puede desactivar el acceso an\u00f3nimo a las p\u00e1ginas de estado y administraci\u00f3n de GeoWebCache integradas." 
} ], "id": "CVE-2024-24749", "lastModified": "2024-12-18T22:08:46.760", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-01T14:15:05.350", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/GeoWebCache/geowebcache/pull/1211" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/GeoWebCache/geowebcache/pull/1211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor 
Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-14 14:30
Modified
2024-11-21 00:58
Severity ?
Summary
PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
geoserver | geoserver | * | |
geoserver | geoserver | 1.3.0 | |
geoserver | geoserver | 1.3.0 | |
geoserver | geoserver | 1.3.0 | |
geoserver | geoserver | 1.3.0 | |
geoserver | geoserver | 1.3.0 | |
geoserver | geoserver | 1.3.0 | |
geoserver | geoserver | 1.3.0 | |
geoserver | geoserver | 1.3.2 | |
geoserver | geoserver | 1.4.0 | |
geoserver | geoserver | 1.4.0 | |
geoserver | geoserver | 1.5.0 | |
geoserver | geoserver | 1.5.0 | |
geoserver | geoserver | 1.5.0 | |
geoserver | geoserver | 1.5.1 | |
geoserver | geoserver | 1.5.1 | |
geoserver | geoserver | 1.5.2 | |
geoserver | geoserver | 1.5.3 | |
geoserver | geoserver | 1.6.0 | |
geoserver | geoserver | 1.6.0 | |
geoserver | geoserver | 1.6.0 | |
geoserver | geoserver | 1.6.0 | |
geoserver | geoserver | 1.6.0 | |
geoserver | geoserver | 1.6.0 | |
geoserver | geoserver | 1.7.0 | |
geoserver | geoserver | 3.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:beta4:*:*:*:*:*:*", "matchCriteriaId": "3EEBA7FF-3004-41A1-A803-35B5A7175A49", "versionEndIncluding": "1.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE4C62CD-9AF7-4C6A-88AA-26829892A20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:beta:*:*:*:*:*:*", "matchCriteriaId": "37EDEF23-FF7A-44B7-8A0E-232264C172FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:pr1:*:*:*:*:*:*", "matchCriteriaId": "B85C7FA5-F40A-4DAF-9F8D-58FC9F42DD23", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "033E86CF-49DF-4838-BA6C-E6087A5C72B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "620491F7-0AF2-4684-AA81-737B0D25B265", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "D2083302-AF38-4D99-8744-6A5A92A225DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "9DBDF056-06C2-4CB7-BA1F-FA8297B86458", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E12CDE69-20CE-4265-94D8-683ACD15C21E", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.4.0:m0:*:*:*:*:*:*", "matchCriteriaId": "23DC2899-05E8-4E2A-8865-3F07A21E7E3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.4.0:m1:*:*:*:*:*:*", "matchCriteriaId": "306779D0-DB91-44F1-B96C-E8DBFBC42C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C4D89DD7-D7A2-470E-98CC-7DE5BE014C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": 
"9A3B8CCC-CB10-4CC0-8A9F-1F3CDC506974", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.5.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "1ECC2970-8445-4CB6-B09C-8B890DDF6B71", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "468B27AB-5F0D-48C0-BA43-317271A507E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.5.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "A36E07B7-67AA-466C-9CD8-F4199B01739A", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "35D08540-9125-4E1E-9E2F-54A237A1CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "90191A81-3A2D-4ED6-A69C-1E43C0133EEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5C7C32C-0086-4B67-827D-112A33A690BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "EBB59F80-4C47-4A80-A4A9-0AF125FD19F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "AA5AB47E-A6DD-4C58-9E4B-1C681C58F9DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "642BEFCD-778B-443C-8863-CAFEAF877781", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A9099646-CA75-4431-AAB1-9DF1DE40E567", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "82F7E2B5-D036-469E-AE40-636A2585CD0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:1.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "7EF678DB-679E-4DFF-B57F-5C51C3F0867E", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "44C2E5C2-536C-4E89-9A9E-D9016D369FF0", 
"vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an \"in memory buffer,\" which prevents the reporting of a service exception, with unknown impact and attack vectors." }, { "lang": "es", "value": "PartialBufferOutputStream2 de GeoServer anterior a v1.6.1 y v1.7.0-beta1, intenta renovar los contenidos del b\u00fafer incluso cuando est\u00e1 trabajando un \"b\u00fafer en memoria\", esto evita que se muestren las excepciones en este servicio, lo que tiene un impacto y vectores de ataque desconocidos." } ], "id": "CVE-2008-7227", "lastModified": "2024-11-21T00:58:35.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-14T14:30:00.377", "references": [ { "source": "cve@mitre.org", "url": "http://jira.codehaus.org/browse/GEOS-1747" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/43266" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jira.codehaus.org/browse/GEOS-1747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/43266" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-20 18:15
Modified
2024-12-17 20:13
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "76D6CFB3-1A7B-4436-B927-6455629A0062", "versionEndExcluding": "2.23.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:2.24.0:-:*:*:*:*:*:*", "matchCriteriaId": "3EB58700-BA62-496A-BA24-5A08942C1BD3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user\u0027s browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users\u0027 ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue." }, { "lang": "es", "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en versiones anteriores a la 2.23.3 y 2.24.1 que permite a un administrador autenticado con privilegios a nivel de espacio de trabajo almacenar un payload de JavaScript en el cat\u00e1logo de GeoServer que se ejecutar\u00e1 en el contexto de la cuenta de otro usuario. navegador cuando se ve en el formato de salida WMS GetMap OpenLayers. El acceso al formato WMS OpenLayers est\u00e1 disponible para todos los usuarios de forma predeterminada, aunque la seguridad de los datos y del servicio puede limitar la capacidad de los usuarios para activar el XSS. 
Las versiones 2.23.3 y 2.24.1 contienen un parche para este problema." } ], "id": "CVE-2024-23818", "lastModified": "2024-12-17T20:13:27.330", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-20T18:15:09.510", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7174" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11153" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11153" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-20 15:15
Modified
2024-12-18 22:01
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires a GeoServer administrator with access to the admin console to misconfigure the Global Settings log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of the contents of the configured file. As this issue requires GeoServer administrator access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters. (This description names the setting two ways, `GEOSERVER_LOG_FILE` and `GEOSERVER_LOG_LOCATION`; the documentation reference for this entry points at the `log-location` section of the Global Settings page, so confirm the exact property name there before relying on the workaround.)
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "E92EC9EE-8E0B-40BA-A1FD-06AEB7F59EC1", "versionEndIncluding": "2.23.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters." }, { "lang": "es", "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Una vulnerabilidad de path traversal en las versiones 2.23.4 y anteriores requiere que el administrador de GeoServer con acceso a la consola de administraci\u00f3n configure incorrectamente la configuraci\u00f3n global para la ubicaci\u00f3n del archivo de registro en una ubicaci\u00f3n arbitraria. La p\u00e1gina de registros de GeoServer de la consola de administraci\u00f3n proporciona una vista previa de estos contenidos. 
Como este problema requiere el acceso de los administradores de GeoServer, que a menudo representan una parte de confianza, la vulnerabilidad no ha recibido un parche al momento de la publicaci\u00f3n. Como workaround, un administrador de sistema responsable de ejecutar GeoServer puede usar la configuraci\u00f3n `GEOSERVER_LOG_FILE` para anular cualquier opci\u00f3n de configuraci\u00f3n proporcionada por la p\u00e1gina de configuraci\u00f3n global. El par\u00e1metro `GEOSERVER_LOG_LOCATION` se puede configurar como propiedad del sistema, variables de entorno o par\u00e1metros de contexto de servlet." } ], "id": "CVE-2023-41877", "lastModified": "2024-12-18T22:01:15.063", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-20T15:15:07.500", "references": [ { "source": "security-advisories@github.com", "tags": [ "Product" ], "url": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location" }, { "source": "security-advisories@github.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": 
"https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-20 16:15
Modified
2024-12-17 20:20
Severity ?
6.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
6.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
6.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories whose names do not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension, if they don't already have one, before unzipping the file. This is fine for the file and url upload methods, where the files will be in a specific subdirectory of the data directory, but when using the external upload method it allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming a GeoServer file could cause GeoServer to revert to the default settings for that file, which could be relatively harmless (such as removing contact information) or have more serious consequences (such as allowing users to make OGC requests that the customized settings would have prevented them from making). The impact of renaming non-GeoServer files depends on the specific environment, although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F61A1B3A-DDBD-43E0-8475-BA567DD3528E", "versionEndExcluding": "2.23.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4491225-6BEB-4C22-8F05-2C1D37795DE7", "versionEndExcluding": "2.24.2", "versionStartIncluding": "2.24.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn\u0027t already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file which could be relatively harmless like removing contact information or have more serious consequences like allowing users to make OGC requests that the customized settings would have prevented them from making. The impact of renaming non-GeoServer files depends on the specific environment although some sort of denial of service is a likely outcome. 
Versions 2.23.5 and 2.24.2 contain a fix for this issue." }, { "lang": "es", "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Existe una vulnerabilidad de cambio de nombre de archivo arbitrario en versiones anteriores a 2.23.5 y 2.24.2 que permite a un administrador autenticado con permisos para modificar almacenes a trav\u00e9s de la API de almac\u00e9n de datos o almac\u00e9n de cobertura REST cambiar el nombre de archivos y directorios arbitrarios con un nombre que no termina en \".zip\". Las cargas de archivos del almac\u00e9n cambian el nombre de los archivos zip para que tengan una extensi\u00f3n \".zip\" si a\u00fan no la tienen antes de descomprimir el archivo. Esto est\u00e1 bien para los m\u00e9todos de carga de archivos y URL donde los archivos estar\u00e1n en un subdirectorio espec\u00edfico del directorio de datos pero, cuando se utiliza el m\u00e9todo de carga externo, esto permite cambiar el nombre de archivos y directorios arbitrarios. Cambiar el nombre de los archivos de GeoServer probablemente resultar\u00e1 en una denegaci\u00f3n de servicio, ya sea impidiendo por completo que GeoServer se ejecute o eliminando efectivamente recursos espec\u00edficos (como un espacio de trabajo, una capa o un estilo). En algunos casos, cambiar el nombre de los archivos de GeoServer podr\u00eda hacer que se vuelva a la configuraci\u00f3n predeterminada de ese archivo, lo que podr\u00eda ser relativamente inofensivo, como eliminar informaci\u00f3n de contacto, o tener consecuencias m\u00e1s graves, como permitir que los usuarios realicen solicitudes OGC que la configuraci\u00f3n personalizada les habr\u00eda impedido realizar. El impacto de cambiar el nombre de los archivos que no son de GeoServer depende del entorno espec\u00edfico, aunque es probable que se produzca alg\u00fan tipo de denegaci\u00f3n de servicio. 
Las versiones 2.23.5 y 2.24.2 contienen una soluci\u00f3n para este problema." } ], "id": "CVE-2024-23634", "lastModified": "2024-12-17T20:20:50.693", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-20T16:15:07.857", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7289" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11213" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7289" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11213" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-73" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-01 16:15
Modified
2024-11-29 15:32
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code.
Versions 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround is to remove the `gt-complex-x.y.jar` file from the GeoServer installation, where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.
References
Impacted products
{ "cisaActionDue": "2024-08-05", "cisaExploitAdd": "2024-07-15", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "OSGeo GeoServer GeoTools Eval Injection Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C28BE03-93E6-4FC4-AA6E-00E41AF25CB0", "versionEndExcluding": "2.23.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A407E94-A7F2-4A4F-B96E-2B3DC8FF6DF3", "versionEndExcluding": "2.24.4", "versionStartIncluding": "2.24.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFBAEC7A-6250-45FE-AB54-30D72C03F62D", "versionEndExcluding": "2.25.2", "versionStartIncluding": "2.25.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:geotools:geotools:*:*:*:*:*:*:*:*", "matchCriteriaId": "732DE428-3515-459F-AE5F-08407BA1A049", "versionEndExcluding": "29.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:geotools:geotools:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3B2BC3D-0015-4E5D-979A-AB7D18185A57", "versionEndExcluding": "30.4", "versionStartIncluding": "30.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:geotools:geotools:*:*:*:*:*:*:*:*", "matchCriteriaId": "50BB4154-B19C-4BFD-8E88-9ED445680706", "versionEndExcluding": "31.2", "versionStartIncluding": "31.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source server that allows users to share and edit geospatial data. 
Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.\n\nThe GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code.\n\nVersions 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed." }, { "lang": "es", "value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. Antes de las versiones 2.23.6, 2.24.4 y 2.25.2, varios par\u00e1metros de solicitud de OGC permit\u00edan la ejecuci\u00f3n remota de c\u00f3digo (RCE) por parte de usuarios no autenticados a trav\u00e9s de entradas especialmente dise\u00f1adas en una instalaci\u00f3n predeterminada de GeoServer debido a la evaluaci\u00f3n insegura de nombres de propiedades como expresiones XPath. 
La API de la librer\u00eda GeoTools a la que llama GeoServer eval\u00faa los nombres de propiedades/atributos para tipos de entidades de una manera que los pasa de manera insegura a la librer\u00eda commons-jxpath, que puede ejecutar c\u00f3digo arbitrario al evaluar expresiones XPath. Esta evaluaci\u00f3n XPath est\u00e1 destinada a ser utilizada \u00fanicamente por tipos de funciones complejas (es decir, almacenes de datos de esquemas de aplicaci\u00f3n), pero tambi\u00e9n se aplica incorrectamente a tipos de funciones simples, lo que hace que esta vulnerabilidad se aplique a **TODAS** las instancias de GeoServer. No se proporciona ninguna PoC p\u00fablica, pero se ha confirmado que esta vulnerabilidad es explotable a trav\u00e9s de solicitudes WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic y WPS Execute. Esta vulnerabilidad puede llevar a la ejecuci\u00f3n de c\u00f3digo arbitrario. Las versiones 2.23.6, 2.24.4 y 2.25.2 contienen un parche para el problema. Existe una workaround eliminando el archivo `gt-complex-xyjar` del GeoServer donde `xy` es la versi\u00f3n de GeoTools (por ejemplo, `gt-complex-31.1.jar` si ejecuta GeoServer 2.25.1). Esto eliminar\u00e1 el c\u00f3digo vulnerable de GeoServer, pero puede interrumpir algunas funciones de GeoServer o evitar que GeoServer se implemente si se necesita el m\u00f3dulo gt-complex." 
} ], "id": "CVE-2024-36401", "lastModified": "2024-11-29T15:32:24.923", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-01T16:15:04.120", "references": [ { "source": "security-advisories@github.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852" }, { "source": "security-advisories@github.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/geotools/geotools/pull/4797" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://osgeo-org.atlassian.net/browse/GEOT-7587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/geotools/geotools/pull/4797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://osgeo-org.atlassian.net/browse/GEOT-7587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.vicarius.io/vsociety/posts/geoserver-rce-cve-2024-36401" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-95" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-20 16:15
Modified
2024-12-17 20:14
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "76D6CFB3-1A7B-4436-B927-6455629A0062", "versionEndExcluding": "2.23.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user\u0027s browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users\u0027 ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue." }, { "lang": "es", "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Existe una vulnerabilidad de Cross Site Scripting (XSS) almacenado en versiones anteriores a la 2.23.3 y la 2.24.0 que permite a un administrador autenticado con privilegios de nivel de espacio de trabajo almacenar un payload de JavaScript en recursos de estilo/leyenda cargados o en un archivo de almac\u00e9n de datos especialmente manipulado que se ejecutar\u00e1 en el contexto del navegador de otro usuario cuando se visualice en Style Publisher. El acceso a Style Publisher est\u00e1 disponible para todos los usuarios, aunque la seguridad de los datos puede limitar la capacidad de los usuarios para activar el XSS. Las versiones 2.23.3 y 2.24.0 contienen una soluci\u00f3n para este problema." 
} ], "id": "CVE-2024-23640", "lastModified": "2024-12-17T20:14:43.747", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-20T16:15:08.090", "references": [ { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7162" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7181" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11149" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7162" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/geoserver/geoserver/pull/7181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11149" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11155" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-20 18:15
Modified
2024-12-17 20:13
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator’s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F58354C1-10A5-4A55-8A22-7DADEEC5ED15", "versionEndExcluding": "2.23.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:2.24.0:-:*:*:*:*:*:*", "matchCriteriaId": "3EB58700-BA62-496A-BA24-5A08942C1BD3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator\u2019s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue." }, { "lang": "es", "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en versiones anteriores a la 2.23.2 y 2.24.1 que permite a un administrador autenticado con privilegios a nivel de espacio de trabajo almacenar un payload de JavaScript en el cat\u00e1logo de GeoServer que se ejecutar\u00e1 en el contexto de la cuenta de otro administrador. navegador cuando se ve en el formulario semilla de GWC. El acceso al formulario inicial de GWC est\u00e1 limitado a administradores completos de forma predeterminada y no se recomienda otorgar acceso a este punto final a personas que no sean administradores. Las versiones 2.23.2 y 2.24.1 contienen una soluci\u00f3n para este problema." 
} ], "id": "CVE-2024-23643", "lastModified": "2024-12-17T20:13:38.790", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-20T18:15:09.047", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/GeoWebCache/geowebcache/issues/1172" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/GeoWebCache/geowebcache/pull/1174" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": 
"https://github.com/GeoWebCache/geowebcache/issues/1172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/GeoWebCache/geowebcache/pull/1174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-20 18:15
Modified
2024-12-17 20:21
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "73E1A204-C95D-4B7B-8C8A-E5639834BB97", "versionEndExcluding": "2.23.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:geoserver:geoserver:2.24.0:-:*:*:*:*:*:*", "matchCriteriaId": "3EB58700-BA62-496A-BA24-5A08942C1BD3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user\u0027s browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security may limit users\u0027 ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue." }, { "lang": "es", "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en versiones anteriores a la 2.23.4 y 2.24.1 que permite a un administrador autenticado con privilegios a nivel de espacio de trabajo almacenar un payload de JavaScript en el cat\u00e1logo de GeoServer que se ejecutar\u00e1 en el contexto de la cuenta de otro usuario. navegador cuando se ve en la p\u00e1gina de demostraciones de GWC. El acceso a la p\u00e1gina de demostraciones de GWC est\u00e1 disponible para todos los usuarios, aunque la seguridad de los datos puede limitar la capacidad de los usuarios para activar el XSS. Las versiones 2.23.4 y 2.24.1 contienen un parche para este problema." 
} ], "id": "CVE-2024-23821", "lastModified": "2024-12-17T20:21:38.387", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-20T18:15:10.407", "references": [ { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/GeoWebCache/geowebcache/issues/1171" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/GeoWebCache/geowebcache/pull/1173" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/GeoWebCache/geowebcache/issues/1171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/GeoWebCache/geowebcache/pull/1173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2024-34696
Vulnerability from cvelistv5
Published
2024-07-01 14:36
Modified
2024-08-02 02:59
Severity ?
EPSS score ?
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as database passwords or API keys/tokens. Additionally, many community-developed GeoServer container images `export` other credentials from their start-up scripts as environment variables to the GeoServer (`java`) process. The precise scope of the issue depends on which container image is used and how it is configured.
The `about status` API endpoint which powers the Server Status page is only available to administrators. Depending on the operating environment, administrators might have legitimate access to credentials in other ways, but this issue defeats more sophisticated controls (like break-glass access to secrets or role accounts). By default, GeoServer only allows same-origin authenticated API access. This limits the scope for a third-party attacker to use an administrator’s credentials to gain access to credentials. The researchers who found the vulnerability were unable to determine any other conditions under which the GeoServer REST API may be available more broadly.
Users should update container images to use GeoServer 2.24.4 or 2.25.1 to get the bug fix. As a workaround, leave environment variables and Java system properties hidden by default. Those who provide the option to re-enable it should communicate the impact and risks so that users can make an informed choice.
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-34696", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-01T17:08:38.904497Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-01T17:08:44.885Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:59:21.661Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003e= 2.10.0, \u003c 2.24.4" }, { "status": "affected", "version": "\u003e= 2.25.0, \u003c 2.25.1" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer\u0027s Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules\u0027 status message. These variables/properties can also contain sensitive information, such as database passwords or API keys/tokens. Additionally, many community-developed GeoServer container images `export` other credentials from their start-up scripts as environment variables to the GeoServer (`java`) process. 
The precise scope of the issue depends on which container image is used and how it is configured.\n\nThe `about status` API endpoint which powers the Server Status page is only available to administrators.Depending on the operating environment, administrators might have legitimate access to credentials in other ways, but this issue defeats more sophisticated controls (like break-glass access to secrets or role accounts).By default, GeoServer only allows same-origin authenticated API access. This limits the scope for a third-party attacker to use an administrator\u2019s credentials to gain access to credentials. The researchers who found the vulnerability were unable to determine any other conditions under which the GeoServer REST API may be available more broadly.\n\nUsers should update container images to use GeoServer 2.24.4 or 2.25.1 to get the bug fix. As a workaround, leave environment variables and Java system properties hidden by default. Those who provide the option to re-enable it should communicate the impact and risks so that users can make an informed choice." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-01T14:36:05.084Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf" } ], "source": { "advisory": "GHSA-j59v-vgcr-hxvf", "discovery": "UNKNOWN" }, "title": " GeoServer\u0027s Server Status shows sensitive environmental variables and Java properties" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-34696", "datePublished": "2024-07-01T14:36:05.084Z", "dateReserved": "2024-05-07T13:53:00.131Z", "dateUpdated": "2024-08-02T02:59:21.661Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23821
Vulnerability from cvelistv5
Published
2024-03-20 18:03
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9 | x_refsource_CONFIRM | |
https://github.com/GeoWebCache/geowebcache/issues/1171 | x_refsource_MISC | |
https://github.com/GeoWebCache/geowebcache/pull/1173 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-23821", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-21T15:30:06.327042Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:45:50.116Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:13:08.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9" }, { "name": "https://github.com/GeoWebCache/geowebcache/issues/1171", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/GeoWebCache/geowebcache/issues/1171" }, { "name": "https://github.com/GeoWebCache/geowebcache/pull/1173", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/GeoWebCache/geowebcache/pull/1173" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.23.4" }, { "status": "affected", "version": "= 2.24.0" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user\u0027s browser when viewed in the GWC Demos Page. 
Access to the GWC Demos Page is available to all users although data security may limit users\u0027 ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T18:03:25.433Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9" }, { "name": "https://github.com/GeoWebCache/geowebcache/issues/1171", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/GeoWebCache/geowebcache/issues/1171" }, { "name": "https://github.com/GeoWebCache/geowebcache/pull/1173", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/GeoWebCache/geowebcache/pull/1173" } ], "source": { "advisory": "GHSA-88wc-fcj9-q3r9", "discovery": "UNKNOWN" }, "title": "GeoServer\u0027s GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23821", "datePublished": "2024-03-20T18:03:25.433Z", "dateReserved": "2024-01-22T22:23:54.337Z", "dateUpdated": "2024-08-01T23:13:08.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2008-7227
Vulnerability from cvelistv5
Published
2009-09-14 14:00
Modified
2024-09-17 01:30
Severity ?
EPSS score ?
Summary
PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors.
References
▼ | URL | Tags |
---|---|---|
http://osvdb.org/43266 | vdb-entry, x_refsource_OSVDB | |
http://jira.codehaus.org/browse/GEOS-1747 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:56:14.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "43266", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/43266" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://jira.codehaus.org/browse/GEOS-1747" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an \"in memory buffer,\" which prevents the reporting of a service exception, with unknown impact and attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-09-14T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "43266", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/43266" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://jira.codehaus.org/browse/GEOS-1747" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7227", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an \"in memory buffer,\" which prevents the reporting of a service exception, with unknown impact and attack 
vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "43266", "refsource": "OSVDB", "url": "http://osvdb.org/43266" }, { "name": "http://jira.codehaus.org/browse/GEOS-1747", "refsource": "CONFIRM", "url": "http://jira.codehaus.org/browse/GEOS-1747" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7227", "datePublished": "2009-09-14T14:00:00Z", "dateReserved": "2009-09-14T00:00:00Z", "dateUpdated": "2024-09-17T01:30:39.429Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36401
Vulnerability from cvelistv5
Published
2024-07-01 15:25
Modified
2024-08-19 07:47
Severity ?
EPSS score ?
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code.
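Versions 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.
[Note: the CISA ADP enrichment in the record below lists exploitation as "active" and records that this CVE was added to the CISA KEV catalog on 2024-07-15, so the statement that no public PoC is provided should not be read as an indication of low exposure.]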
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv | x_refsource_CONFIRM | |
https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w | x_refsource_MISC | |
https://github.com/geotools/geotools/pull/4797 | x_refsource_MISC | |
https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852 | x_refsource_MISC | |
https://osgeo-org.atlassian.net/browse/GEOT-7587 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "geoserver", "vendor": "geoserver", "versions": [ { "lessThan": "2.23.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:geoserver:geoserver:2.24.0:-:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "geoserver", "vendor": "geoserver", "versions": [ { "lessThan": "2.24.4", "status": "affected", "version": "2.24.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:geoserver:geoserver:2.25.0:-:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "geoserver", "vendor": "geoserver", "versions": [ { "lessThan": "2.25.2", "status": "affected", "version": "2.25.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36401", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-13T03:55:17.574252Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2024-07-15", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-07-15T16:20:22.225Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "timeline": [ { "lang": "en", "time": "2024-07-15T00:00:00+00:00", "value": "CVE-2024-36401 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-19T07:47:49.937Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv" }, { "name": 
"https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w" }, { "name": "https://github.com/geotools/geotools/pull/4797", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geotools/geotools/pull/4797" }, { "name": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOT-7587", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://osgeo-org.atlassian.net/browse/GEOT-7587" }, { "url": "https://www.vicarius.io/vsociety/posts/geoserver-rce-cve-2024-36401" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.23.6" }, { "status": "affected", "version": "\u003e= 2.24.0, \u003c 2.24.4" }, { "status": "affected", "version": "\u003e= 2.25.0, \u003c 2.25.2" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.\n\nThe GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. 
This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code.\n\nVersions 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-18T21:28:49.687Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv" }, { "name": 
"https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w" }, { "name": "https://github.com/geotools/geotools/pull/4797", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geotools/geotools/pull/4797" }, { "name": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOT-7587", "tags": [ "x_refsource_MISC" ], "url": "https://osgeo-org.atlassian.net/browse/GEOT-7587" } ], "source": { "advisory": "GHSA-6jj6-gm7p-fcvv", "discovery": "UNKNOWN" }, "title": "Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-36401", "datePublished": "2024-07-01T15:25:41.873Z", "dateReserved": "2024-05-27T15:59:57.030Z", "dateUpdated": "2024-08-19T07:47:49.937Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23640
Vulnerability from cvelistv5
Published
2024-03-20 15:26
Modified
2024-08-01 23:06
Severity ?
EPSS score ?
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf | x_refsource_CONFIRM | |
https://github.com/geoserver/geoserver/pull/7162 | x_refsource_MISC | |
https://github.com/geoserver/geoserver/pull/7181 | x_refsource_MISC | |
https://osgeo-org.atlassian.net/browse/GEOS-11149 | x_refsource_MISC | |
https://osgeo-org.atlassian.net/browse/GEOS-11155 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-23640", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-21T16:18:35.767304Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:45:55.450Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:06:25.345Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf" }, { "name": "https://github.com/geoserver/geoserver/pull/7162", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/pull/7162" }, { "name": "https://github.com/geoserver/geoserver/pull/7181", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/pull/7181" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11149", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11149" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11155", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11155" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.23.3" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. 
A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user\u0027s browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users\u0027 ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T15:26:01.700Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf" }, { "name": "https://github.com/geoserver/geoserver/pull/7162", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/pull/7162" }, { "name": "https://github.com/geoserver/geoserver/pull/7181", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/pull/7181" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11149", "tags": [ "x_refsource_MISC" ], "url": 
"https://osgeo-org.atlassian.net/browse/GEOS-11149" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11155", "tags": [ "x_refsource_MISC" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11155" } ], "source": { "advisory": "GHSA-9rfr-pf2x-g4xf", "discovery": "UNKNOWN" }, "title": "GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23640", "datePublished": "2024-03-20T15:26:01.700Z", "dateReserved": "2024-01-19T00:18:53.233Z", "dateUpdated": "2024-08-01T23:06:25.345Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35042
Vulnerability from cvelistv5
Published
2023-06-12 00:00
Modified
2024-11-27 15:06
Severity ?
EPSS score ?
Summary
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:17:04.308Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://isc.sans.edu/diary/29936" }, { "tags": [ "x_transferred" ], "url": "https://docs.geoserver.org/stable/en/user/services/wps/operations.html#execute" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35042", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T15:06:30.827142Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T15:06:46.791Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://isc.sans.edu/diary/29936" }, { "url": "https://docs.geoserver.org/stable/en/user/services/wps/operations.html#execute" } ], "tags": [ "disputed" ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-35042", "datePublished": "2023-06-12T00:00:00", "dateReserved": "2023-06-12T00:00:00", "dateUpdated": "2024-11-27T15:06:46.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25157
Vulnerability from cvelistv5
Published
2023-02-21 21:00
Modified
2024-08-02 11:18
Severity ?
EPSS score ?
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. The description does not name the flaw itself; the record's title and problem type classify it as SQL injection (CWE-89). Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike`` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf | x_refsource_CONFIRM | |
https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:18:35.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf" }, { "name": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003e= 2.22.0, \u003c 2.22.2" }, { "status": "affected", "version": "\u003c 2.21.4" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-21T21:00:13.392Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf" }, { "name": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d" } ], "source": { "advisory": "GHSA-7g5f-wrx8-5ccf", "discovery": "UNKNOWN" }, "title": "Unfiltered SQL Injection Vulnerabilities in Geoserver" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-25157", "datePublished": "2023-02-21T21:00:13.392Z", "dateReserved": "2023-02-03T16:59:18.243Z", "dateUpdated": "2024-08-02T11:18:35.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24847
Vulnerability from cvelistv5
Published
2022-04-13 21:20
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attacker needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6 (the record's affected-version list gives `< 2.19.6`, so `1.19.6` is presumably a typo for 2.19.6). Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` paths via a firewall and ensure that the GeoWebCache is not remotely accessible.
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003e= 2.20.0, \u003c 2.20.4" }, { "status": "affected", "version": "\u003c 2.19.6" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-13T21:20:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh" } ], "source": { "advisory": "GHSA-4pm3-f52j-8ggh", "discovery": "UNKNOWN" }, "title": "Improper Input Validation in GeoServer", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24847", "STATE": "PUBLIC", "TITLE": "Improper Input Validation in GeoServer" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "geoserver", "version": { "version_data": [ { "version_value": "\u003e= 2.20.0, \u003c 2.20.4" }, { "version_value": "\u003c 2.19.6" } ] } } ] }, "vendor_name": "geoserver" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. 
In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh", "refsource": "CONFIRM", "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh" } ] }, "source": { "advisory": "GHSA-4pm3-f52j-8ggh", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24847", "datePublished": "2022-04-13T21:20:12", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23634
Vulnerability from cvelistv5
Published
2024-03-20 15:22
Modified
2024-08-01 23:06
Severity ?
EPSS score ?
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn't already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file which could be relatively harmless like removing contact information or have more serious consequences like allowing users to make OGC requests that the customized settings would have prevented them from making. The impact of renaming non-GeoServer files depends on the specific environment although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx | x_refsource_CONFIRM | |
https://github.com/geoserver/geoserver/pull/7289 | x_refsource_MISC | |
https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772 | x_refsource_MISC | |
https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a | x_refsource_MISC | |
https://osgeo-org.atlassian.net/browse/GEOS-11213 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-23634", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-20T19:58:57.582171Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:46:00.499Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:06:25.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx" }, { "name": "https://github.com/geoserver/geoserver/pull/7289", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/pull/7289" }, { "name": "https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772" }, { "name": "https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11213", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11213" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.23.5" }, { "status": "affected", "version": "\u003e= 2.24.0, \u003c 2.24.2" } ] } ], "descriptions": [ { 
"lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn\u0027t already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file which could be relatively harmless like removing contact information or have more serious consequences like allowing users to make OGC requests that the customized settings would have prevented them from making. The impact of renaming non-GeoServer files depends on the specific environment although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T15:22:41.431Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx" }, { "name": "https://github.com/geoserver/geoserver/pull/7289", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/pull/7289" }, { "name": "https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772" }, { "name": "https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11213", "tags": [ "x_refsource_MISC" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11213" } ], "source": { "advisory": "GHSA-75m5-hh4r-q9gx", "discovery": "UNKNOWN" }, "title": "GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API" } }, 
"cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23634", "datePublished": "2024-03-20T15:22:41.431Z", "dateReserved": "2024-01-19T00:18:53.232Z", "dateUpdated": "2024-08-01T23:06:25.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41877
Vulnerability from cvelistv5
Published
2024-03-20 14:27
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires a GeoServer administrator with access to the admin console to misconfigure the Global Settings log file location to point to an arbitrary location. The admin console GeoServer Logs page provides a preview of the contents of the file at that location. As this issue requires GeoServer administrator access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as a system property, environment variable, or servlet context parameter. (The description uses two different names for the setting; the linked documentation section is `log-location`, so `GEOSERVER_LOG_LOCATION` is presumably the intended one — confirm against the GeoServer documentation for the deployed version.)
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5 | x_refsource_CONFIRM | |
https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "geoserver", "vendor": "geoserver", "versions": [ { "lessThan": "2.23.4", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-41877", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T00:11:18.983459Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T00:11:58.596Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T19:09:49.319Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5" }, { "name": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c= 2.23.4" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. 
The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T14:27:34.308Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5" }, { "name": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location", "tags": [ "x_refsource_MISC" ], "url": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location" } ], "source": { "advisory": "GHSA-8g7v-vjrc-x4g5", "discovery": "UNKNOWN" }, "title": "GeoServer log file path traversal vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": 
"GitHub_M", "cveId": "CVE-2023-41877", "datePublished": "2024-03-20T14:27:34.308Z", "dateReserved": "2023-09-04T16:31:48.223Z", "dateUpdated": "2024-08-02T19:09:49.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51444
Vulnerability from cvelistv5
Published
2024-03-20 15:07
Modified
2024-08-21 14:35
Severity ?
EPSS score ?
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Coverage stores that are configured using relative paths use a GeoServer Resource implementation that has validation to prevent path traversal but coverage stores that are configured using absolute paths use a different Resource implementation that does not prevent path traversal. This vulnerability can lead to executing arbitrary code. An administrator with limited privileges could also potentially exploit this to overwrite GeoServer security files and obtain full administrator privileges. Versions 2.23.4 and 2.24.1 contain a fix for this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq | x_refsource_CONFIRM | |
https://github.com/geoserver/geoserver/pull/7222 | x_refsource_MISC | |
https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8 | x_refsource_MISC | |
https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae | x_refsource_MISC | |
https://osgeo-org.atlassian.net/browse/GEOS-11176 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:32:10.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq" }, { "name": "https://github.com/geoserver/geoserver/pull/7222", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/pull/7222" }, { "name": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8" }, { "name": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11176", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11176" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "geoserver", "vendor": "geoserver", "versions": [ { "lessThan": "2.23.4", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:geoserver:geoserver:2.24.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "2.24.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-51444", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": 
"2024-08-21T14:00:47.513580Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T14:35:24.029Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.23.4" }, { "status": "affected", "version": "= 2.24.0" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Coverage stores that are configured using relative paths use a GeoServer Resource implementation that has validation to prevent path traversal but coverage stores that are configured using absolute paths use a different Resource implementation that does not prevent path traversal. This vulnerability can lead to executing arbitrary code. An administrator with limited privileges could also potentially exploit this to overwrite GeoServer security files and obtain full administrator privileges. Versions 2.23.4 and 2.24.1 contain a fix for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T15:07:29.869Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq" }, { "name": "https://github.com/geoserver/geoserver/pull/7222", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/pull/7222" }, { "name": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8" }, { "name": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11176", "tags": [ "x_refsource_MISC" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11176" } ], "source": { "advisory": "GHSA-9v5q-2gwq-q9hq", "discovery": "UNKNOWN" }, "title": "GeoServer arbitrary file upload vulnerability in REST Coverage Store API" } }, 
"cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-51444", "datePublished": "2024-03-20T15:07:29.869Z", "dateReserved": "2023-12-19T13:52:41.787Z", "dateUpdated": "2024-08-21T14:35:24.029Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51445
Vulnerability from cvelistv5
Published
2024-03-20 15:14
Modified
2024-08-21 23:01
Severity ?
EPSS score ?
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST Resources API. Access to the REST Resources API is limited to full administrators by default and granting non-administrators access to this endpoint should be carefully considered as it may allow access to files containing sensitive information. Versions 2.23.3 and 2.24.0 contain a patch for this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w | x_refsource_CONFIRM | |
https://github.com/geoserver/geoserver/pull/7161 | x_refsource_MISC | |
https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad | x_refsource_MISC | |
https://osgeo-org.atlassian.net/browse/GEOS-11148 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:32:10.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w" }, { "name": "https://github.com/geoserver/geoserver/pull/7161", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/pull/7161" }, { "name": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11148", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11148" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "geoserver", "vendor": "geoserver", "versions": [ { "lessThan": "2.23.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-51445", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-20T19:31:18.658124Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T23:01:43.594Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.23.3" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software 
server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator\u0027s browser when viewed in the REST Resources API. Access to the REST Resources API is limited to full administrators by default and granting non-administrators access to this endpoint should be carefully considered as it may allow access to files containing sensitive information. Versions 2.23.3 and 2.24.0 contain a patch for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T15:14:49.682Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w" }, { "name": "https://github.com/geoserver/geoserver/pull/7161", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/pull/7161" }, { "name": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11148", "tags": [ "x_refsource_MISC" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11148" } ], "source": { "advisory": "GHSA-fh7p-5f6g-vj2w", "discovery": "UNKNOWN" }, "title": "GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-51445", "datePublished": "2024-03-20T15:14:49.682Z", "dateReserved": "2023-12-19T13:52:41.787Z", "dateUpdated": "2024-08-21T23:01:43.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23642
Vulnerability from cvelistv5
Published
2024-03-20 17:44
Modified
2024-08-01 23:06
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525 | x_refsource_CONFIRM | |
https://github.com/geoserver/geoserver/pull/7173 | x_refsource_MISC | |
https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00 | x_refsource_MISC | |
https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe | x_refsource_MISC | |
https://osgeo-org.atlassian.net/browse/GEOS-11152 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-23642", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-21T18:21:57.391566Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:46:05.167Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:06:25.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525" }, { "name": "https://github.com/geoserver/geoserver/pull/7173", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/pull/7173" }, { "name": "https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00" }, { "name": "https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11152", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11152" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.23.4" }, { "status": "affected", "version": "= 2.24.0" } ] } ], "descriptions": [ { "lang": "en", "value": 
"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user\u0027s browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users\u0027 ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T17:44:49.153Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525" }, { "name": "https://github.com/geoserver/geoserver/pull/7173", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/pull/7173" }, { "name": "https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00" }, { "name": "https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11152", "tags": [ "x_refsource_MISC" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11152" } ], "source": { "advisory": "GHSA-fg9v-56hw-g525", "discovery": "UNKNOWN" }, "title": "GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23642", "datePublished": "2024-03-20T17:44:49.153Z", "dateReserved": "2024-01-19T00:18:53.233Z", "dateUpdated": "2024-08-01T23:06:25.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43795
Vulnerability from cvelistv5
Published
2023-10-24 22:14
Modified
2024-09-17 14:15
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in versions 2.22.5 and 2.23.2.
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:52:11.081Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43795", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-11T13:52:43.998305Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T14:15:26.074Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.22.5" }, { "status": "affected", "version": "\u003e= 2.23.0, \u003c 2.23.2" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-24T22:14:30.956Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956" } ], "source": { "advisory": "GHSA-5pr3-m5hm-9956", "discovery": "UNKNOWN" }, "title": "WPS Server Side Request Forgery in GeoServer" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-43795", "datePublished": "2023-10-24T22:14:30.956Z", "dateReserved": "2023-09-22T14:51:42.339Z", "dateUpdated": "2024-09-17T14:15:26.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23818
Vulnerability from cvelistv5
Published
2024-03-20 17:57
Modified
2024-08-01 23:13
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72 | x_refsource_CONFIRM | |
https://github.com/geoserver/geoserver/pull/7174 | x_refsource_MISC | |
https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2 | x_refsource_MISC | |
https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f | x_refsource_MISC | |
https://osgeo-org.atlassian.net/browse/GEOS-11153 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-23818", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-20T19:45:15.598011Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:38.729Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:13:07.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72" }, { "name": "https://github.com/geoserver/geoserver/pull/7174", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/pull/7174" }, { "name": "https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2" }, { "name": "https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11153", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11153" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.23.3" }, { "status": "affected", "version": "= 2.24.0" } ] } ], "descriptions": [ { "lang": "en", "value": 
"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user\u0027s browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users\u0027 ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T17:57:38.893Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72" }, { "name": "https://github.com/geoserver/geoserver/pull/7174", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/pull/7174" }, { "name": "https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2" }, { "name": "https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11153", "tags": [ "x_refsource_MISC" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11153" } ], "source": { "advisory": "GHSA-fcpm-hchj-mh72", "discovery": "UNKNOWN" }, "title": "GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23818", "datePublished": "2024-03-20T17:57:38.893Z", "dateReserved": "2024-01-22T22:23:54.337Z", "dateUpdated": "2024-08-01T23:13:07.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24749
Vulnerability from cvelistv5
Published
2024-07-01 14:07
Modified
2024-08-19 14:44
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed on the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer is also deployed as a web archive using the data directory embedded in the `geoserver.war` file (rather than an external data directory), it will likely be possible to read specific resources to gain administrator privileges. However, it is very unlikely that production environments will be using the embedded data directory since, depending on how GeoServer is deployed, it will be erased and re-installed (which would also reset to the default password) either every time the server restarts or every time a new GeoServer WAR is installed and is therefore difficult to maintain. An external data directory will always be used if GeoServer is running in standalone mode (via an installer or a binary). Versions 2.23.5 and 2.24.3 contain a patch for the issue. Some workarounds are available. One may change from a Windows environment to a Linux environment, or change from Apache Tomcat to the Jetty application server. One may also disable anonymous access to the embedded GeoWebCache administration and status pages.
References
▼ | URL | Tags |
---|---|---|
https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3 | x_refsource_CONFIRM | |
https://github.com/GeoWebCache/geowebcache/pull/1211 | x_refsource_MISC | |
https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3" }, { "name": "https://github.com/GeoWebCache/geowebcache/pull/1211", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/GeoWebCache/geowebcache/pull/1211" }, { "name": "https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "geoserver", "vendor": "geoserver", "versions": [ { "lessThan": "2.23.5", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "2.24.3", "status": "affected", "version": "2.24.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-24749", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-19T14:42:13.755866Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-19T14:44:36.419Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.23.5" }, { "status": "affected", "version": "\u003e= 2.24.0, \u003c 2.24.3" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source 
server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer is also deployed as a web archive using the data directory embedded in the `geoserver.war` file (rather than an external data directory), it will likely be possible to read specific resources to gain administrator privileges. However, it is very unlikely that production environments will be using the embedded data directory since, depending on how GeoServer is deployed, it will be erased and re-installed (which would also reset to the default password) either every time the server restarts or every time a new GeoServer WAR is installed and is therefore difficult to maintain. An external data directory will always be used if GeoServer is running in standalone mode (via an installer or a binary). Versions 2.23.5 and 2.24.3 contain a patch for the issue. Some workarounds are available. One may change from a Windows environment to a Linux environment; or change from Apache Tomcat to Jetty application server. One may also disable anonymous access to the embeded GeoWebCache administration and status pages." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-01T14:07:33.314Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3" }, { "name": "https://github.com/GeoWebCache/geowebcache/pull/1211", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/GeoWebCache/geowebcache/pull/1211" }, { "name": "https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef" } ], "source": { "advisory": "GHSA-jhqx-5v5g-mpf3", "discovery": "UNKNOWN" }, "title": "Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-24749", "datePublished": "2024-07-01T14:07:33.314Z", "dateReserved": "2024-01-29T20:51:26.009Z", "dateUpdated": "2024-08-19T14:44:36.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-35230
Vulnerability from cvelistv5
Published
2024-12-16 22:18
Modified
2024-12-17 14:40
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about pages include version and revision information about the software in use (including the libraries and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35230", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T14:39:46.671847Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T14:40:36.212Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003e= 2.0.0, \u003c 2.26.0" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-16T22:18:19.896Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6" }, { "name": "https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8" }, { "name": "https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920" } ], "source": { "advisory": "GHSA-6pfc-w86r-54q6", "discovery": "UNKNOWN" }, "title": "Welcome and About GeoServer pages communicate version and revision information" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-35230", "datePublished": "2024-12-16T22:18:19.896Z", "dateReserved": "2024-05-14T15:39:41.785Z", "dateUpdated": "2024-12-17T14:40:36.212Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23643
Vulnerability from cvelistv5
Published
2024-03-20 17:50
Modified
2024-08-01 23:06
Severity ?
EPSS score ?
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator’s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue.
References
| URL | Tags |
|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7 | x_refsource_CONFIRM |
| https://github.com/GeoWebCache/geowebcache/issues/1172 | x_refsource_MISC |
| https://github.com/GeoWebCache/geowebcache/pull/1174 | x_refsource_MISC |
| https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "geoserver", "vendor": "geoserver", "versions": [ { "lessThan": "2.23.2", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "affected", "version": "2.24.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23643", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-20T19:28:46.704303Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-11T17:15:17.108Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:06:25.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7" }, { "name": "https://github.com/GeoWebCache/geowebcache/issues/1172", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/GeoWebCache/geowebcache/issues/1172" }, { "name": "https://github.com/GeoWebCache/geowebcache/pull/1174", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/GeoWebCache/geowebcache/pull/1174" }, { "name": "https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.23.2" }, { "status": 
"affected", "version": "= 2.24.0" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator\u2019s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T17:50:48.344Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7" }, { "name": "https://github.com/GeoWebCache/geowebcache/issues/1172", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/GeoWebCache/geowebcache/issues/1172" }, { "name": "https://github.com/GeoWebCache/geowebcache/pull/1174", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/GeoWebCache/geowebcache/pull/1174" }, { "name": "https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0" } ], "source": { "advisory": "GHSA-56r3-f536-5gf7", "discovery": "UNKNOWN" }, "title": "GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23643", "datePublished": "2024-03-20T17:50:48.344Z", "dateReserved": "2024-01-19T00:18:53.233Z", "dateUpdated": "2024-08-01T23:06:25.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23819
Vulnerability from cvelistv5
Published
2024-03-20 18:00
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue.
References
| URL | Tags |
|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5 | x_refsource_CONFIRM |
| https://github.com/geoserver/geoserver/pull/7175 | x_refsource_MISC |
| https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef | x_refsource_MISC |
| https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1 | x_refsource_MISC |
| https://osgeo-org.atlassian.net/browse/GEOS-11154 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-23819", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-21T17:44:41.576098Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:46:00.113Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:13:08.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5" }, { "name": "https://github.com/geoserver/geoserver/pull/7175", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/pull/7175" }, { "name": "https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef" }, { "name": "https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11154", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11154" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.23.4" }, { "status": "affected", "version": "= 2.24.0" } ] } ], "descriptions": [ { "lang": "en", "value": 
"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user\u0027s browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is available to all users although data security may limit users\u0027 ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T18:00:46.048Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5" }, { "name": "https://github.com/geoserver/geoserver/pull/7175", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/pull/7175" }, { "name": "https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef" }, { "name": "https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1" }, { "name": "https://osgeo-org.atlassian.net/browse/GEOS-11154", "tags": [ "x_refsource_MISC" ], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11154" } ], "source": { "advisory": "GHSA-7x76-57fr-m5r5", "discovery": "UNKNOWN" }, "title": "GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23819", "datePublished": "2024-03-20T18:00:46.048Z", "dateReserved": "2024-01-22T22:23:54.337Z", "dateUpdated": "2024-08-01T23:13:08.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41339
Vulnerability from cvelistv5
Published
2023-10-24 20:15
Modified
2024-09-11 18:00
Severity ?
EPSS score ?
Summary
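GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Server-Side Request Forgery (SSRF). This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2. The record below rates it 8.6 (High) with no privileges or user interaction required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L), and the description ties the exposure to dynamic styling being enabled without URL checks, so that configuration is the one to verify on servers that cannot be upgraded immediately.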
References
| URL | Tags |
|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf | x_refsource_CONFIRM |
| https://github.com/geoserver/geoserver/releases/tag/2.22.5 | x_refsource_MISC |
| https://github.com/geoserver/geoserver/releases/tag/2.23.2 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf" }, { "name": "https://github.com/geoserver/geoserver/releases/tag/2.22.5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5" }, { "name": "https://github.com/geoserver/geoserver/releases/tag/2.23.2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "geoserver", "vendor": "geoserver", "versions": [ { "lessThan": "2.22.5", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "2.23.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-41339", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-11T17:56:27.424894Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T18:00:37.015Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "geoserver", "vendor": "geoserver", "versions": [ { "status": "affected", "version": "\u003c 2.22.5" }, { "status": "affected", "version": "\u003e= 2.23.0, \u003c 2.23.2" } ] } ], "descriptions": [ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share 
and edit geospatial data. The WMS specification defines an ``sld=\u003curl\u003e`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied \"dynamic styling\". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-24T20:15:17.428Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf" }, { "name": "https://github.com/geoserver/geoserver/releases/tag/2.22.5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5" }, { "name": "https://github.com/geoserver/geoserver/releases/tag/2.23.2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2" } ], "source": { "advisory": "GHSA-cqpc-x2c6-2gmf", "discovery": "UNKNOWN" }, "title": "Unsecured WMS dynamic styling sld=\u003curl\u003e parameter affords blind unauthenticated SSRF in GeoServer" } }, 
"cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-41339", "datePublished": "2023-10-24T20:15:17.428Z", "dateReserved": "2023-08-28T16:56:43.368Z", "dateUpdated": "2024-09-11T18:00:37.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }