All the vulnerabilites related to geoserver - geoserver
cve-2023-51444
Vulnerability from cvelistv5
Published
2024-03-20 15:07
Modified
2024-08-21 14:35
Severity ?
EPSS score ?
Summary
GeoServer arbitrary file upload vulnerability in REST Coverage Store API
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq | x_refsource_CONFIRM | |
| https://github.com/geoserver/geoserver/pull/7222 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11176 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:10.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7222",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/pull/7222"
},
{
"name": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8"
},
{
"name": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11176",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11176"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"lessThan": "2.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:geoserver:geoserver:2.24.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "2.24.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51444",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T14:00:47.513580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T14:35:24.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.23.4"
},
{
"status": "affected",
"version": "= 2.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Coverage stores that are configured using relative paths use a GeoServer Resource implementation that has validation to prevent path traversal but coverage stores that are configured using absolute paths use a different Resource implementation that does not prevent path traversal. This vulnerability can lead to executing arbitrary code. An administrator with limited privileges could also potentially exploit this to overwrite GeoServer security files and obtain full administrator privileges. Versions 2.23.4 and 2.24.1 contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T15:07:29.869Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7222",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/pull/7222"
},
{
"name": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8"
},
{
"name": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11176",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11176"
}
],
"source": {
"advisory": "GHSA-9v5q-2gwq-q9hq",
"discovery": "UNKNOWN"
},
"title": "GeoServer arbitrary file upload vulnerability in REST Coverage Store API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-51444",
"datePublished": "2024-03-20T15:07:29.869Z",
"dateReserved": "2023-12-19T13:52:41.787Z",
"dateUpdated": "2024-08-21T14:35:24.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41877
Vulnerability from cvelistv5
Published
2024-03-20 14:27
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
GeoServer log file path traversal vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5 | x_refsource_CONFIRM | |
| https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"lessThan": "2.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T00:11:18.983459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T00:11:58.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5"
},
{
"name": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.23.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T14:27:34.308Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5"
},
{
"name": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location"
}
],
"source": {
"advisory": "GHSA-8g7v-vjrc-x4g5",
"discovery": "UNKNOWN"
},
"title": "GeoServer log file path traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41877",
"datePublished": "2024-03-20T14:27:34.308Z",
"dateReserved": "2023-09-04T16:31:48.223Z",
"dateUpdated": "2024-08-02T19:09:49.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36401
Vulnerability from cvelistv5
Published
2024-07-01 15:25
Modified
2024-08-19 07:47
Severity ?
EPSS score ?
Summary
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv | x_refsource_CONFIRM | |
| https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w | x_refsource_MISC | |
| https://github.com/geotools/geotools/pull/4797 | x_refsource_MISC | |
| https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852 | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOT-7587 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"lessThan": "2.23.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:geoserver:geoserver:2.24.0:-:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"lessThan": "2.24.4",
"status": "affected",
"version": "2.24.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:geoserver:geoserver:2.25.0:-:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"lessThan": "2.25.2",
"status": "affected",
"version": "2.25.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36401",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-13T03:55:17.574252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-15",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T16:20:22.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2024-07-15T00:00:00+00:00",
"value": "CVE-2024-36401 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:47:49.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv"
},
{
"name": "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w"
},
{
"name": "https://github.com/geotools/geotools/pull/4797",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geotools/geotools/pull/4797"
},
{
"name": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOT-7587",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOT-7587"
},
{
"url": "https://www.vicarius.io/vsociety/posts/geoserver-rce-cve-2024-36401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.23.6"
},
{
"status": "affected",
"version": "\u003e= 2.24.0, \u003c 2.24.4"
},
{
"status": "affected",
"version": "\u003e= 2.25.0, \u003c 2.25.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.\n\nThe GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code.\n\nVersions 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T21:28:49.687Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv"
},
{
"name": "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w"
},
{
"name": "https://github.com/geotools/geotools/pull/4797",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geotools/geotools/pull/4797"
},
{
"name": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOT-7587",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOT-7587"
}
],
"source": {
"advisory": "GHSA-6jj6-gm7p-fcvv",
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-36401",
"datePublished": "2024-07-01T15:25:41.873Z",
"dateReserved": "2024-05-27T15:59:57.030Z",
"dateUpdated": "2024-08-19T07:47:49.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-43795
Vulnerability from cvelistv5
Published
2023-10-24 22:14
Modified
2024-09-17 14:15
Severity ?
EPSS score ?
Summary
WPS Server Side Request Forgery in GeoServer
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T13:52:43.998305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:15:26.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.22.5"
},
{
"status": "affected",
"version": "\u003e= 2.23.0, \u003c 2.23.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T22:14:30.956Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
}
],
"source": {
"advisory": "GHSA-5pr3-m5hm-9956",
"discovery": "UNKNOWN"
},
"title": "WPS Server Side Request Forgery in GeoServer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43795",
"datePublished": "2023-10-24T22:14:30.956Z",
"dateReserved": "2023-09-22T14:51:42.339Z",
"dateUpdated": "2024-09-17T14:15:26.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24847
Vulnerability from cvelistv5
Published
2022-04-13 21:20
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
Improper Input Validation in GeoServer
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.20.0, \u003c 2.20.4"
},
{
"status": "affected",
"version": "\u003c 2.19.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T21:20:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh"
}
],
"source": {
"advisory": "GHSA-4pm3-f52j-8ggh",
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation in GeoServer",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24847",
"STATE": "PUBLIC",
"TITLE": "Improper Input Validation in GeoServer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.20.0, \u003c 2.20.4"
},
{
"version_value": "\u003c 2.19.6"
}
]
}
}
]
},
"vendor_name": "geoserver"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh",
"refsource": "CONFIRM",
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh"
}
]
},
"source": {
"advisory": "GHSA-4pm3-f52j-8ggh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24847",
"datePublished": "2022-04-13T21:20:12",
"dateReserved": "2022-02-10T00:00:00",
"dateUpdated": "2024-08-03T04:20:50.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41339
Vulnerability from cvelistv5
Published
2023-10-24 20:15
Modified
2024-09-11 18:00
Severity ?
EPSS score ?
Summary
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf | x_refsource_CONFIRM | |
| https://github.com/geoserver/geoserver/releases/tag/2.22.5 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/releases/tag/2.23.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:01:35.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf"
},
{
"name": "https://github.com/geoserver/geoserver/releases/tag/2.22.5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5"
},
{
"name": "https://github.com/geoserver/geoserver/releases/tag/2.23.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"lessThan": "2.22.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.23.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T17:56:27.424894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:00:37.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.22.5"
},
{
"status": "affected",
"version": "\u003e= 2.23.0, \u003c 2.23.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=\u003curl\u003e`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied \"dynamic styling\". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T20:15:17.428Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf"
},
{
"name": "https://github.com/geoserver/geoserver/releases/tag/2.22.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5"
},
{
"name": "https://github.com/geoserver/geoserver/releases/tag/2.23.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2"
}
],
"source": {
"advisory": "GHSA-cqpc-x2c6-2gmf",
"discovery": "UNKNOWN"
},
"title": "Unsecured WMS dynamic styling sld=\u003curl\u003e parameter affords blind unauthenticated SSRF in GeoServer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41339",
"datePublished": "2023-10-24T20:15:17.428Z",
"dateReserved": "2023-08-28T16:56:43.368Z",
"dateUpdated": "2024-09-11T18:00:37.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-51445
Vulnerability from cvelistv5
Published
2024-03-20 15:14
Modified
2024-08-21 23:01
Severity ?
EPSS score ?
Summary
GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w | x_refsource_CONFIRM | |
| https://github.com/geoserver/geoserver/pull/7161 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11148 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:10.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7161",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/pull/7161"
},
{
"name": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11148",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11148"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"lessThan": "2.23.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51445",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T19:31:18.658124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T23:01:43.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.23.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator\u0027s browser when viewed in the REST Resources API. Access to the REST Resources API is limited to full administrators by default and granting non-administrators access to this endpoint should be carefully considered as it may allow access to files containing sensitive information. Versions 2.23.3 and 2.24.0 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T15:14:49.682Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7161",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/pull/7161"
},
{
"name": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11148",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11148"
}
],
"source": {
"advisory": "GHSA-fh7p-5f6g-vj2w",
"discovery": "UNKNOWN"
},
"title": "GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-51445",
"datePublished": "2024-03-20T15:14:49.682Z",
"dateReserved": "2023-12-19T13:52:41.787Z",
"dateUpdated": "2024-08-21T23:01:43.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23819
Vulnerability from cvelistv5
Published
2024-03-20 18:00
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5 | x_refsource_CONFIRM | |
| https://github.com/geoserver/geoserver/pull/7175 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1 | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11154 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-21T17:44:41.576098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:00.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7175",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/pull/7175"
},
{
"name": "https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef"
},
{
"name": "https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11154",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.23.4"
},
{
"status": "affected",
"version": "= 2.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user\u0027s browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is available to all users although data security may limit users\u0027 ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T18:00:46.048Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7175",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/pull/7175"
},
{
"name": "https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef"
},
{
"name": "https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11154",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11154"
}
],
"source": {
"advisory": "GHSA-7x76-57fr-m5r5",
"discovery": "UNKNOWN"
},
"title": "GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23819",
"datePublished": "2024-03-20T18:00:46.048Z",
"dateReserved": "2024-01-22T22:23:54.337Z",
"dateUpdated": "2024-08-01T23:13:08.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-24749
Vulnerability from cvelistv5
Published
2024-07-01 14:07
Modified
2024-08-19 14:44
Severity ?
EPSS score ?
Summary
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3 | x_refsource_CONFIRM | |
| https://github.com/GeoWebCache/geowebcache/pull/1211 | x_refsource_MISC | |
| https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/pull/1211",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GeoWebCache/geowebcache/pull/1211"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"lessThan": "2.23.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.24.3",
"status": "affected",
"version": "2.24.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T14:42:13.755866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T14:44:36.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.23.5"
},
{
"status": "affected",
"version": "\u003e= 2.24.0, \u003c 2.24.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer is also deployed as a web archive using the data directory embedded in the `geoserver.war` file (rather than an external data directory), it will likely be possible to read specific resources to gain administrator privileges. However, it is very unlikely that production environments will be using the embedded data directory since, depending on how GeoServer is deployed, it will be erased and re-installed (which would also reset to the default password) either every time the server restarts or every time a new GeoServer WAR is installed and is therefore difficult to maintain. An external data directory will always be used if GeoServer is running in standalone mode (via an installer or a binary). Versions 2.23.5 and 2.24.3 contain a patch for the issue. Some workarounds are available. One may change from a Windows environment to a Linux environment; or change from Apache Tomcat to Jetty application server. One may also disable anonymous access to the embeded GeoWebCache administration and status pages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T14:07:33.314Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/pull/1211",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GeoWebCache/geowebcache/pull/1211"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef"
}
],
"source": {
"advisory": "GHSA-jhqx-5v5g-mpf3",
"discovery": "UNKNOWN"
},
"title": "Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24749",
"datePublished": "2024-07-01T14:07:33.314Z",
"dateReserved": "2024-01-29T20:51:26.009Z",
"dateUpdated": "2024-08-19T14:44:36.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23821
Vulnerability from cvelistv5
Published
2024-03-20 18:03
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9 | x_refsource_CONFIRM | |
| https://github.com/GeoWebCache/geowebcache/issues/1171 | x_refsource_MISC | |
| https://github.com/GeoWebCache/geowebcache/pull/1173 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-21T15:30:06.327042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:45:50.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/issues/1171",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GeoWebCache/geowebcache/issues/1171"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/pull/1173",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GeoWebCache/geowebcache/pull/1173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.23.4"
},
{
"status": "affected",
"version": "= 2.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user\u0027s browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security may limit users\u0027 ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T18:03:25.433Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/issues/1171",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GeoWebCache/geowebcache/issues/1171"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/pull/1173",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GeoWebCache/geowebcache/pull/1173"
}
],
"source": {
"advisory": "GHSA-88wc-fcj9-q3r9",
"discovery": "UNKNOWN"
},
"title": "GeoServer\u0027s GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23821",
"datePublished": "2024-03-20T18:03:25.433Z",
"dateReserved": "2024-01-22T22:23:54.337Z",
"dateUpdated": "2024-08-01T23:13:08.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23643
Vulnerability from cvelistv5
Published
2024-03-20 17:50
Modified
2024-08-01 23:06
Severity ?
EPSS score ?
Summary
GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7 | x_refsource_CONFIRM | |
| https://github.com/GeoWebCache/geowebcache/issues/1172 | x_refsource_MISC | |
| https://github.com/GeoWebCache/geowebcache/pull/1174 | x_refsource_MISC | |
| https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"lessThan": "2.23.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "affected",
"version": "2.24.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23643",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T19:28:46.704303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T17:15:17.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/issues/1172",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GeoWebCache/geowebcache/issues/1172"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/pull/1174",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GeoWebCache/geowebcache/pull/1174"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.23.2"
},
{
"status": "affected",
"version": "= 2.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator\u2019s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T17:50:48.344Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/issues/1172",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GeoWebCache/geowebcache/issues/1172"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/pull/1174",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GeoWebCache/geowebcache/pull/1174"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0"
}
],
"source": {
"advisory": "GHSA-56r3-f536-5gf7",
"discovery": "UNKNOWN"
},
"title": "GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23643",
"datePublished": "2024-03-20T17:50:48.344Z",
"dateReserved": "2024-01-19T00:18:53.233Z",
"dateUpdated": "2024-08-01T23:06:25.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23634
Vulnerability from cvelistv5
Published
2024-03-20 15:22
Modified
2024-08-01 23:06
Severity ?
EPSS score ?
Summary
GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx | x_refsource_CONFIRM | |
| https://github.com/geoserver/geoserver/pull/7289 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11213 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T19:58:57.582171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:00.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7289",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/pull/7289"
},
{
"name": "https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772"
},
{
"name": "https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11213",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11213"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.23.5"
},
{
"status": "affected",
"version": "\u003e= 2.24.0, \u003c 2.24.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn\u0027t already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file which could be relatively harmless like removing contact information or have more serious consequences like allowing users to make OGC requests that the customized settings would have prevented them from making. The impact of renaming non-GeoServer files depends on the specific environment although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T15:22:41.431Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7289",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/pull/7289"
},
{
"name": "https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772"
},
{
"name": "https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11213",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11213"
}
],
"source": {
"advisory": "GHSA-75m5-hh4r-q9gx",
"discovery": "UNKNOWN"
},
"title": "GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23634",
"datePublished": "2024-03-20T15:22:41.431Z",
"dateReserved": "2024-01-19T00:18:53.232Z",
"dateUpdated": "2024-08-01T23:06:25.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25157
Vulnerability from cvelistv5
Published
2023-02-21 21:00
Modified
2024-08-02 11:18
Severity ?
EPSS score ?
Summary
Unfiltered SQL Injection Vulnerabilities in Geoserver
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf | x_refsource_CONFIRM | |
| https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf"
},
{
"name": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.22.0, \u003c 2.22.2"
},
{
"status": "affected",
"version": "\u003c 2.21.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-21T21:00:13.392Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf"
},
{
"name": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d"
}
],
"source": {
"advisory": "GHSA-7g5f-wrx8-5ccf",
"discovery": "UNKNOWN"
},
"title": "Unfiltered SQL Injection Vulnerabilities in Geoserver"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25157",
"datePublished": "2023-02-21T21:00:13.392Z",
"dateReserved": "2023-02-03T16:59:18.243Z",
"dateUpdated": "2024-08-02T11:18:35.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-7227
Vulnerability from cvelistv5
Published
2009-09-14 14:00
Modified
2024-09-17 01:30
Severity ?
EPSS score ?
Summary
PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/43266 | vdb-entry, x_refsource_OSVDB | |
| http://jira.codehaus.org/browse/GEOS-1747 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43266",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43266"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.codehaus.org/browse/GEOS-1747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an \"in memory buffer,\" which prevents the reporting of a service exception, with unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-14T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43266",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43266"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.codehaus.org/browse/GEOS-1747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an \"in memory buffer,\" which prevents the reporting of a service exception, with unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43266",
"refsource": "OSVDB",
"url": "http://osvdb.org/43266"
},
{
"name": "http://jira.codehaus.org/browse/GEOS-1747",
"refsource": "CONFIRM",
"url": "http://jira.codehaus.org/browse/GEOS-1747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7227",
"datePublished": "2009-09-14T14:00:00Z",
"dateReserved": "2009-09-14T00:00:00Z",
"dateUpdated": "2024-09-17T01:30:39.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23642
Vulnerability from cvelistv5
Published
2024-03-20 17:44
Modified
2024-08-01 23:06
Severity ?
EPSS score ?
Summary
GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525 | x_refsource_CONFIRM | |
| https://github.com/geoserver/geoserver/pull/7173 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11152 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-21T18:21:57.391566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:05.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7173",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/pull/7173"
},
{
"name": "https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00"
},
{
"name": "https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11152",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.23.4"
},
{
"status": "affected",
"version": "= 2.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user\u0027s browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users\u0027 ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T17:44:49.153Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7173",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/pull/7173"
},
{
"name": "https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00"
},
{
"name": "https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11152",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11152"
}
],
"source": {
"advisory": "GHSA-fg9v-56hw-g525",
"discovery": "UNKNOWN"
},
"title": "GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23642",
"datePublished": "2024-03-20T17:44:49.153Z",
"dateReserved": "2024-01-19T00:18:53.233Z",
"dateUpdated": "2024-08-01T23:06:25.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23640
Vulnerability from cvelistv5
Published
2024-03-20 15:26
Modified
2024-08-01 23:06
Severity ?
EPSS score ?
Summary
GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf | x_refsource_CONFIRM | |
| https://github.com/geoserver/geoserver/pull/7162 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/pull/7181 | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11149 | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11155 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-21T16:18:35.767304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:45:55.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7162",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/pull/7162"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7181",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/pull/7181"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11149",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11149"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11155",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.23.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user\u0027s browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users\u0027 ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T15:26:01.700Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7162",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/pull/7162"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7181",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/pull/7181"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11149",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11149"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11155",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11155"
}
],
"source": {
"advisory": "GHSA-9rfr-pf2x-g4xf",
"discovery": "UNKNOWN"
},
"title": "GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23640",
"datePublished": "2024-03-20T15:26:01.700Z",
"dateReserved": "2024-01-19T00:18:53.233Z",
"dateUpdated": "2024-08-01T23:06:25.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-34696
Vulnerability from cvelistv5
Published
2024-07-01 14:36
Modified
2024-08-02 02:59
Severity ?
EPSS score ?
Summary
GeoServer's Server Status shows sensitive environmental variables and Java properties
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T17:08:38.904497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T17:08:44.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:21.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.10.0, \u003c 2.24.4"
},
{
"status": "affected",
"version": "\u003e= 2.25.0, \u003c 2.25.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer\u0027s Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules\u0027 status message. These variables/properties can also contain sensitive information, such as database passwords or API keys/tokens. Additionally, many community-developed GeoServer container images `export` other credentials from their start-up scripts as environment variables to the GeoServer (`java`) process. The precise scope of the issue depends on which container image is used and how it is configured.\n\nThe `about status` API endpoint which powers the Server Status page is only available to administrators.Depending on the operating environment, administrators might have legitimate access to credentials in other ways, but this issue defeats more sophisticated controls (like break-glass access to secrets or role accounts).By default, GeoServer only allows same-origin authenticated API access. This limits the scope for a third-party attacker to use an administrator\u2019s credentials to gain access to credentials. The researchers who found the vulnerability were unable to determine any other conditions under which the GeoServer REST API may be available more broadly.\n\nUsers should update container images to use GeoServer 2.24.4 or 2.25.1 to get the bug fix. As a workaround, leave environment variables and Java system properties hidden by default. Those who provide the option to re-enable it should communicate the impact and risks so that users can make an informed choice."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T14:36:05.084Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf"
}
],
"source": {
"advisory": "GHSA-j59v-vgcr-hxvf",
"discovery": "UNKNOWN"
},
"title": " GeoServer\u0027s Server Status shows sensitive environmental variables and Java properties"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34696",
"datePublished": "2024-07-01T14:36:05.084Z",
"dateReserved": "2024-05-07T13:53:00.131Z",
"dateUpdated": "2024-08-02T02:59:21.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35042
Vulnerability from cvelistv5
Published
2023-06-12 00:00
Modified
2024-08-02 16:17
Severity ?
EPSS score ?
Summary
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://isc.sans.edu/diary/29936"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.geoserver.org/stable/en/user/services/wps/operations.html#execute"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://isc.sans.edu/diary/29936"
},
{
"url": "https://docs.geoserver.org/stable/en/user/services/wps/operations.html#execute"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-35042",
"datePublished": "2023-06-12T00:00:00",
"dateReserved": "2023-06-12T00:00:00",
"dateUpdated": "2024-08-02T16:17:04.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23818
Vulnerability from cvelistv5
Published
2024-03-20 17:57
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72 | x_refsource_CONFIRM | |
| https://github.com/geoserver/geoserver/pull/7174 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11153 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T19:45:15.598011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:38.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7174",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/pull/7174"
},
{
"name": "https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2"
},
{
"name": "https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11153",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.23.3"
},
{
"status": "affected",
"version": "= 2.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user\u0027s browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users\u0027 ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T17:57:38.893Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72"
},
{
"name": "https://github.com/geoserver/geoserver/pull/7174",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/pull/7174"
},
{
"name": "https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2"
},
{
"name": "https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11153",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11153"
}
],
"source": {
"advisory": "GHSA-fcpm-hchj-mh72",
"discovery": "UNKNOWN"
},
"title": "GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23818",
"datePublished": "2024-03-20T17:57:38.893Z",
"dateReserved": "2024-01-22T22:23:54.337Z",
"dateUpdated": "2024-08-01T23:13:07.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}