CVE-2022-50899 (GCVE-0-2022-50899)

Vulnerability from cvelistv5 – Published: 2026-01-13 22:51 – Updated: 2026-05-14 02:07
VLAI
Title
Geonetwork 4.2.0 - XML External Entity (XXE)
Summary
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
Impacted products
Vendor Product Version
GeoNetwork GeoNetwork Affected: 3.10 , ≤ 4.2.0 (custom)
Create a notification for this product.
Date Public
2022-07-29 00:00
Credits
Amel BOUZIANE-LEBLOND
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-50899",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T15:52:28.159438Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-14T19:20:51.974Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GeoNetwork",
          "vendor": "GeoNetwork",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "3.10",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:osgeo:geonetwork:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "4.2.0",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Amel BOUZIANE-LEBLOND"
        }
      ],
      "datePublic": "2022-07-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T02:07:00.169Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-50982",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/50982"
        },
        {
          "name": "GeoNetwork Official Homepage",
          "tags": [
            "product"
          ],
          "url": "https://geonetwork-opensource.org/"
        },
        {
          "name": "VulnCheck Advisory: Geonetwork 4.2.0 - XML External Entity (XXE)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/geonetwork-xml-external-entity-xxe"
        }
      ],
      "title": "Geonetwork 4.2.0 - XML External Entity (XXE)",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2022-50899",
    "datePublished": "2026-01-13T22:51:45.416Z",
    "dateReserved": "2026-01-10T15:05:18.988Z",
    "dateUpdated": "2026-05-14T02:07:00.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-50899",
      "date": "2026-07-12",
      "epss": "0.00463",
      "percentile": "0.37067"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-50899\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-01-13T23:15:52.007\",\"lastModified\":\"2026-06-17T05:24:22.827\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests.\"},{\"lang\":\"es\",\"value\":\"Geonetwork 3.10 hasta 4.2.0 contiene una vulnerabilidad de entidad externa XML en la renderizaci\u00f3n de PDF que permite a los atacantes recuperar archivos arbitrarios del servidor. Los atacantes pueden explotar el analizador XML inseguro creando un documento XML malicioso con referencias a entidades externas para leer archivos del sistema a trav\u00e9s del par\u00e1metro baseURL en las solicitudes de creaci\u00f3n de PDF.\"}],\"affected\":[{\"source\":\"disclosure@vulncheck.com\",\"affectedData\":[{\"vendor\":\"GeoNetwork\",\"product\":\"GeoNetwork\",\"versions\":[{\"version\":\"3.10\",\"lessThanOrEqual\":\"4.2.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-14T15:52:28.159438Z\",\"id\":\"CVE-2022-50899\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:osgeo:geonetwork:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.10.0\",\"versionEndIncluding\":\"4.2.0\",\"matchCriteriaId\":\"6C27C8DC-5803-42B5-8CA0-395CA377CB52\"}]}]}],\"references\":[{\"url\":\"https://geonetwork-opensource.org/\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Product\"]},{\"url\":\"https://www.exploit-db.com/exploits/50982\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Exploit\",\"VDB Entry\"]},{\"url\":\"https://www.vulncheck.com/advisories/geonetwork-xml-external-entity-xxe\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "redhat_vex": {
      "current_release_date": "2026-04-07T17:04:02+00:00",
      "cve": "CVE-2022-50899",
      "id": "CVE-2022-50899",
      "initial_release_date": "2022-07-29T00:00:00+00:00",
      "product_status:known_not_affected": "1",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "Geonetwork 4.2.0 - XML External Entity (XXE)",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-50899.json",
      "version": "3"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-50899\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-14T15:52:28.159438Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-14T15:52:31.779Z\"}}], \"cna\": {\"title\": \"Geonetwork 4.2.0 - XML External Entity (XXE)\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Amel BOUZIANE-LEBLOND\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"GeoNetwork\", \"product\": \"GeoNetwork\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.10\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.2.0\"}]}], \"datePublic\": \"2022-07-29T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/50982\", \"name\": \"ExploitDB-50982\", \"tags\": [\"exploit\"]}, {\"url\": \"https://geonetwork-opensource.org/\", \"name\": \"GeoNetwork Official Homepage\", \"tags\": [\"product\"]}, {\"url\": \"https://www.vulncheck.com/advisories/geonetwork-xml-external-entity-xxe\", \"name\": \"VulnCheck Advisory: Geonetwork 4.2.0 - XML External Entity (XXE)\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-611\", \"description\": \"Improper Restriction of XML External Entity Reference\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:osgeo:geonetwork:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"4.2.0\", \"versionStartIncluding\": \"3.10\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-05-14T02:07:00.169Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-50899\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-14T02:07:00.169Z\", \"dateReserved\": \"2026-01-10T15:05:18.988Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-01-13T22:51:45.416Z\", \"assignerShortName\": \"VulnCheck\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…