cvelistv5 - CVE-2023-43795

CVE-2023-43795 (GCVE-0-2023-43795)

Vulnerability from cvelistv5 – Published: 2023-10-24 22:14 – Updated: 2024-09-17 14:15

Summary

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

GitHub_M

References

URL

Tags

https://github.com/geoserver/geoserver/security/a…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	geoserver	geoserver	Affected: < 2.22.5 Affected: >= 2.23.0, < 2.23.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:52:11.081Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T13:52:43.998305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T14:15:26.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "geoserver",
          "vendor": "geoserver",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.22.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.23.0, \u003c 2.23.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T22:14:30.956Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
        }
      ],
      "source": {
        "advisory": "GHSA-5pr3-m5hm-9956",
        "discovery": "UNKNOWN"
      },
      "title": "WPS Server Side Request Forgery in GeoServer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-43795",
    "datePublished": "2023-10-24T22:14:30.956Z",
    "dateReserved": "2023-09-22T14:51:42.339Z",
    "dateUpdated": "2024-09-17T14:15:26.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.22.5\", \"matchCriteriaId\": \"0BB82E9C-10E3-41B9-AA40-80D45DC3989F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.23.0\", \"versionEndExcluding\": \"2.23.2\", \"matchCriteriaId\": \"765C2F28-6A4F-42C4-AA52-D984D0F2F0A6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.\"}, {\"lang\": \"es\", \"value\": \"GeoServer es un servidor de software de c\\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. La especificaci\\u00f3n del Servicio de procesamiento web (WPS) de OGC est\\u00e1 dise\\u00f1ada para procesar informaci\\u00f3n de cualquier servidor mediante solicitudes GET y POST. Esto presenta la oportunidad de falsificar solicitudes del lado del servidor. Esta vulnerabilidad ha sido parcheada en las versiones 2.22.5 y 2.23.2.\"}]",
      "id": "CVE-2023-43795",
      "lastModified": "2024-11-21T08:24:48.003",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2023-10-25T18:17:32.180",
      "references": "[{\"url\": \"https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-43795\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-10-25T18:17:32.180\",\"lastModified\":\"2024-11-21T08:24:48.003\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.\"},{\"lang\":\"es\",\"value\":\"GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. La especificaci\u00f3n del Servicio de procesamiento web (WPS) de OGC est\u00e1 dise\u00f1ada para procesar informaci\u00f3n de cualquier servidor mediante solicitudes GET y POST. Esto presenta la oportunidad de falsificar solicitudes del lado del servidor. Esta vulnerabilidad ha sido parcheada en las versiones 2.22.5 y 2.23.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.22.5\",\"matchCriteriaId\":\"0BB82E9C-10E3-41B9-AA40-80D45DC3989F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.23.0\",\"versionEndExcluding\":\"2.23.2\",\"matchCriteriaId\":\"765C2F28-6A4F-42C4-AA52-D984D0F2F0A6\"}]}]}],\"references\":[{\"url\":\"https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956\", \"name\": \"https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:52:11.081Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-43795\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-11T13:52:43.998305Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-17T14:15:22.459Z\"}}], \"cna\": {\"title\": \"WPS Server Side Request Forgery in GeoServer\", \"source\": {\"advisory\": \"GHSA-5pr3-m5hm-9956\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"geoserver\", \"product\": \"geoserver\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.22.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.23.0, \u003c 2.23.2\"}]}], \"references\": [{\"url\": \"https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956\", \"name\": \"https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-10-24T22:14:30.956Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-43795\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-17T14:15:26.074Z\", \"dateReserved\": \"2023-09-22T14:51:42.339Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-10-24T22:14:30.956Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-5PR3-M5HM-9956

Vulnerability from github – Published: 2023-10-24 19:21 – Updated: 2023-10-27 21:04

Summary

WPS Server Side Request Forgery vulnerability

Details

Summary

The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests.

This presents the opportunity for Server Side Request Forgery.

Details

This vulnerability requires:

The WPS extension to be installed
The WPS security setting "Disable complex inputs" to be unselected
Security URL checks to be disabled

Impact

This vulnerability presents the opportunity for Server Side Request Forgery.

Mitigation

The ability to reference an external URL location is defined by the WPS standard Execute operation. This operations is defined by an Industry and International standard and cannot be redefined by the GeoServer application in isolation.

To disable complex remote inputs on GeoServer 2.20.5 and GeoServer 2.21.0:

Navigate to Security > WPS Security page
Locate Complex Inputs heading
Select the check box for Disable loading complex inputs from remote references

Resolution

To allow processing of complex inputs safely in GeoServer 2.22.5 and GeoServer 2.23.2:

Navigate to Security > URL Checks
Enable URL Checks are enabled setting
Check the user manual for examples of how to trust specific locations for your external services.

Processing of complex inputs safely is on by default in GeoServer 2.24.0.

References

Severity ?

8.6 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver.extension:gs-wps-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.22.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver.extension:gs-wps-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.23.0"
            },
            {
              "fixed": "2.23.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-43795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-24T19:21:02Z",
    "nvd_published_at": "2023-10-25T18:17:32Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nThe OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests.\n\nThis presents the opportunity for Server Side Request Forgery.\n\n## Details\n\nThis vulnerability requires:\n\n* The WPS extension to be installed\n* The WPS security setting \"Disable complex inputs\" to be unselected\n* Security URL checks to be disabled\n\n### Impact\n\nThis vulnerability presents the opportunity for Server Side Request Forgery.\n\n### Mitigation\n\nThe ability to reference an external URL location is defined by the WPS standard Execute operation. This operations is defined by an Industry and International standard and cannot be redefined by the GeoServer application in isolation.\n\nTo disable complex remote inputs on GeoServer 2.20.5 and GeoServer 2.21.0:\n\n1.  Navigate to **Security \u003e WPS Security** page\n2. Locate **Complex Inputs** heading\n3. Select the check box for **Disable loading complex inputs from remote references**\n\n### Resolution\n\nTo allow processing of complex inputs safely in GeoServer 2.22.5 and GeoServer 2.23.2:\n\n1. Navigate to **Security \u003e URL Checks**\n2. Enable **URL Checks** are enabled setting\n3. Check the user manual for [examples](https://docs.geoserver.org/latest/en/user/security/urlchecks.html#example-regex-patterns) of how to trust specific locations for your external services.\n\nProcessing of complex inputs safely is on by default in GeoServer 2.24.0.\n\n### References\n\n* [Complex Inputs](https://docs.geoserver.org/stable/en/user/services/wps/security.html#complex-inputs)\n* [URL Checks](https://docs.geoserver.org/latest/en/user/security/urlchecks.html)\n",
  "id": "GHSA-5pr3-m5hm-9956",
  "modified": "2023-10-27T21:04:48Z",
  "published": "2023-10-24T19:21:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43795"
    },
    {
      "type": "WEB",
      "url": "https://docs.geoserver.org/latest/en/user/security/urlchecks.html"
    },
    {
      "type": "WEB",
      "url": "https://docs.geoserver.org/stable/en/user/services/wps/security.html#complex-inputs"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/geoserver/geoserver"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "WPS Server Side Request Forgery vulnerability"
}

GSD-2023-43795

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-43795

Aliases

CVE-2023-43795

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-43795",
    "id": "GSD-2023-43795"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-43795"
      ],
      "details": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.",
      "id": "GSD-2023-43795",
      "modified": "2023-12-13T01:20:44.930547Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-43795",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "geoserver",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 2.22.5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 2.23.0, \u003c 2.23.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "geoserver"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-918",
                "lang": "eng",
                "value": "CWE-918: Server-Side Request Forgery (SSRF)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
            "refsource": "MISC",
            "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-5pr3-m5hm-9956",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.23.2",
                "versionStartIncluding": "2.23.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.22.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-43795"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-918"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-11-01T16:19Z",
      "publishedDate": "2023-10-25T18:17Z"
    }
  }
}

CNVD-2024-14588

Vulnerability from cnvd - Published: 2024-03-22

Title

GeoServer服务端请求伪造漏洞（CNVD-2024-14588）

Description

GeoServer是一个用Java编写的开源软件服务器。允许用户共享和编辑地理空间数据。 GeoServer存在服务端请求伪造漏洞，该漏洞源于OGC Web处理服务 (WPS) 规范旨在使用GET和POST请求处理来自任何服务器的信息。攻击者可利用此漏洞导致服务端请求伪造攻击。

Severity

高

Patch Name

GeoServer服务端请求伪造漏洞（CNVD-2024-14588）的补丁

Patch Description

GeoServer是一个用Java编写的开源软件服务器。允许用户共享和编辑地理空间数据。 GeoServer存在服务端请求伪造漏洞，该漏洞源于OGC Web处理服务 (WPS) 规范旨在使用GET和POST请求处理来自任何服务器的信息。攻击者可利用此漏洞导致服务端请求伪造攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-43795

Impacted products

Name
['Geoserver Geoserver <2.22.5', 'Geoserver Geoserver >=2.23.0，<2.23.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-43795",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-43795"
    }
  },
  "description": "GeoServer\u662f\u4e00\u4e2a\u7528Java\u7f16\u5199\u7684\u5f00\u6e90\u8f6f\u4ef6\u670d\u52a1\u5668\u3002\u5141\u8bb8\u7528\u6237\u5171\u4eab\u548c\u7f16\u8f91\u5730\u7406\u7a7a\u95f4\u6570\u636e\u3002\n\nGeoServer\u5b58\u5728\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eOGC Web\u5904\u7406\u670d\u52a1 (WPS) \u89c4\u8303\u65e8\u5728\u4f7f\u7528GET\u548cPOST\u8bf7\u6c42\u5904\u7406\u6765\u81ea\u4efb\u4f55\u670d\u52a1\u5668\u7684\u4fe1\u606f\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-14588",
  "openTime": "2024-03-22",
  "patchDescription": "GeoServer\u662f\u4e00\u4e2a\u7528Java\u7f16\u5199\u7684\u5f00\u6e90\u8f6f\u4ef6\u670d\u52a1\u5668\u3002\u5141\u8bb8\u7528\u6237\u5171\u4eab\u548c\u7f16\u8f91\u5730\u7406\u7a7a\u95f4\u6570\u636e\u3002\r\n\r\nGeoServer\u5b58\u5728\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eOGC Web\u5904\u7406\u670d\u52a1 (WPS) \u89c4\u8303\u65e8\u5728\u4f7f\u7528GET\u548cPOST\u8bf7\u6c42\u5904\u7406\u6765\u81ea\u4efb\u4f55\u670d\u52a1\u5668\u7684\u4fe1\u606f\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GeoServer\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff08CNVD-2024-14588\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Geoserver Geoserver \u003c2.22.5",
      "Geoserver Geoserver \u003e=2.23.0\uff0c\u003c2.23.2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-43795",
  "serverity": "\u9ad8",
  "submitTime": "2023-10-30",
  "title": "GeoServer\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff08CNVD-2024-14588\uff09"
}

FKIE_CVE-2023-43795

Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 08:24

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	osgeo	geoserver	*
	osgeo	geoserver	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BB82E9C-10E3-41B9-AA40-80D45DC3989F",
              "versionEndExcluding": "2.22.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "765C2F28-6A4F-42C4-AA52-D984D0F2F0A6",
              "versionEndExcluding": "2.23.2",
              "versionStartIncluding": "2.23.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."
    },
    {
      "lang": "es",
      "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. La especificaci\u00f3n del Servicio de procesamiento web (WPS) de OGC est\u00e1 dise\u00f1ada para procesar informaci\u00f3n de cualquier servidor mediante solicitudes GET y POST. Esto presenta la oportunidad de falsificar solicitudes del lado del servidor. Esta vulnerabilidad ha sido parcheada en las versiones 2.22.5 y 2.23.2."
    }
  ],
  "id": "CVE-2023-43795",
  "lastModified": "2024-11-21T08:24:48.003",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-25T18:17:32.180",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-43795 (GCVE-0-2023-43795)

GHSA-5PR3-M5HM-9956

Summary

Details

Impact

Mitigation

Resolution

References

GSD-2023-43795

CNVD-2024-14588

FKIE_CVE-2023-43795

Tags

Sightings

Nomenclature