CVE-2023-41877 (GCVE-0-2023-41877)
Vulnerability from cvelistv5 – Published: 2024-03-20 14:27 – Updated: 2024-08-02 19:09
VLAI?
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters.
Severity ?
7.2 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"lessThan": "2.23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T00:11:18.983459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T00:11:58.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5"
},
{
"name": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.23.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T14:27:34.308Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5"
},
{
"name": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location"
}
],
"source": {
"advisory": "GHSA-8g7v-vjrc-x4g5",
"discovery": "UNKNOWN"
},
"title": "GeoServer log file path traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41877",
"datePublished": "2024-03-20T14:27:34.308Z",
"dateReserved": "2023-09-04T16:31:48.223Z",
"dateUpdated": "2024-08-02T19:09:49.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.23.4\", \"matchCriteriaId\": \"E92EC9EE-8E0B-40BA-A1FD-06AEB7F59EC1\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters.\"}, {\"lang\": \"es\", \"value\": \"GeoServer es un servidor de software de c\\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Una vulnerabilidad de path traversal en las versiones 2.23.4 y anteriores requiere que el administrador de GeoServer con acceso a la consola de administraci\\u00f3n configure incorrectamente la configuraci\\u00f3n global para la ubicaci\\u00f3n del archivo de registro en una ubicaci\\u00f3n arbitraria. La p\\u00e1gina de registros de GeoServer de la consola de administraci\\u00f3n proporciona una vista previa de estos contenidos. Como este problema requiere el acceso de los administradores de GeoServer, que a menudo representan una parte de confianza, la vulnerabilidad no ha recibido un parche al momento de la publicaci\\u00f3n. Como workaround, un administrador de sistema responsable de ejecutar GeoServer puede usar la configuraci\\u00f3n `GEOSERVER_LOG_FILE` para anular cualquier opci\\u00f3n de configuraci\\u00f3n proporcionada por la p\\u00e1gina de configuraci\\u00f3n global. El par\\u00e1metro `GEOSERVER_LOG_LOCATION` se puede configurar como propiedad del sistema, variables de entorno o par\\u00e1metros de contexto de servlet.\"}]",
"id": "CVE-2023-41877",
"lastModified": "2024-12-18T22:01:15.063",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}]}",
"published": "2024-03-20T15:15:07.500",
"references": "[{\"url\": \"https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-41877\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-20T15:15:07.500\",\"lastModified\":\"2024-12-18T22:01:15.063\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters.\"},{\"lang\":\"es\",\"value\":\"GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Una vulnerabilidad de path traversal en las versiones 2.23.4 y anteriores requiere que el administrador de GeoServer con acceso a la consola de administraci\u00f3n configure incorrectamente la configuraci\u00f3n global para la ubicaci\u00f3n del archivo de registro en una ubicaci\u00f3n arbitraria. La p\u00e1gina de registros de GeoServer de la consola de administraci\u00f3n proporciona una vista previa de estos contenidos. Como este problema requiere el acceso de los administradores de GeoServer, que a menudo representan una parte de confianza, la vulnerabilidad no ha recibido un parche al momento de la publicaci\u00f3n. Como workaround, un administrador de sistema responsable de ejecutar GeoServer puede usar la configuraci\u00f3n `GEOSERVER_LOG_FILE` para anular cualquier opci\u00f3n de configuraci\u00f3n proporcionada por la p\u00e1gina de configuraci\u00f3n global. El par\u00e1metro `GEOSERVER_LOG_LOCATION` se puede configurar como propiedad del sistema, variables de entorno o par\u00e1metros de contexto de servlet.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.23.4\",\"matchCriteriaId\":\"E92EC9EE-8E0B-40BA-A1FD-06AEB7F59EC1\"}]}]}],\"references\":[{\"url\":\"https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5\", \"name\": \"https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location\", \"name\": \"https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:09:49.319Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-41877\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-16T00:11:18.983459Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*\"], \"vendor\": \"geoserver\", \"product\": \"geoserver\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.23.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-16T00:11:56.032Z\"}}], \"cna\": {\"title\": \"GeoServer log file path traversal vulnerability\", \"source\": {\"advisory\": \"GHSA-8g7v-vjrc-x4g5\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"geoserver\", \"product\": \"geoserver\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 2.23.4\"}]}], \"references\": [{\"url\": \"https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5\", \"name\": \"https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location\", \"name\": \"https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-03-20T14:27:34.308Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-41877\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T19:09:49.319Z\", \"dateReserved\": \"2023-09-04T16:31:48.223Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-03-20T14:27:34.308Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…