Vulnerabilites related to osgeo - geoserver
CVE-2024-34711 (GCVE-0-2024-34711)
Vulnerability from cvelistv5
Published
2025-06-10 14:33
Modified
2025-06-10 15:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default, GeoServer use PreventLocalEntityResolver class from GeoTools to filter out malicious URIs in XML entities before resolving them. The URI must match the regex (?i)(jar:file|http|vfs)[^?#;]*\\.xsd. But the regex leaves a chance for attackers to request to any HTTP server or limited file. Attacker can abuse this to scan internal networks and gain information about them then exploit further. GeoServer 2.25.0 and greater default to the use of ENTITY_RESOLUTION_ALLOWLIST and does not require you to provide a system property.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965 | x_refsource_CONFIRM | |
| https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T15:08:02.959639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:08:27.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.25.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default, GeoServer use PreventLocalEntityResolver class from GeoTools to filter out malicious URIs in XML entities before resolving them. The URI must match the regex (?i)(jar:file|http|vfs)[^?#;]*\\\\.xsd. But the regex leaves a chance for attackers to request to any HTTP server or limited file. Attacker can abuse this to scan internal networks and gain information about them then exploit further. GeoServer 2.25.0 and greater default to the use of ENTITY_RESOLUTION_ALLOWLIST and does not require you to provide a system property."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T14:33:18.872Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965"
},
{
"name": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities"
}
],
"source": {
"advisory": "GHSA-mc43-4fqr-c965",
"discovery": "UNKNOWN"
},
"title": "GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34711",
"datePublished": "2025-06-10T14:33:18.872Z",
"dateReserved": "2024-05-07T13:53:00.133Z",
"dateUpdated": "2025-06-10T15:08:27.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40822 (GCVE-0-2021-40822)
Vulnerability from cvelistv5
Published
2022-05-01 23:17
Modified
2024-08-04 02:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/releases | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-10229 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3 | x_refsource_CONFIRM | |
| https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-10229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-01T23:17:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-10229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/geoserver/geoserver/releases",
"refsource": "MISC",
"url": "https://github.com/geoserver/geoserver/releases"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-10229",
"refsource": "MISC",
"url": "https://osgeo-org.atlassian.net/browse/GEOS-10229"
},
{
"name": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3",
"refsource": "CONFIRM",
"url": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508",
"refsource": "MISC",
"url": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40822",
"datePublished": "2022-05-01T23:17:25",
"dateReserved": "2021-09-09T00:00:00",
"dateUpdated": "2024-08-04T02:51:07.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41339 (GCVE-0-2023-41339)
Vulnerability from cvelistv5
Published
2023-10-24 20:15
Modified
2024-09-11 18:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf | x_refsource_CONFIRM | |
| https://github.com/geoserver/geoserver/releases/tag/2.22.5 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/releases/tag/2.23.2 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:01:35.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf"
},
{
"name": "https://github.com/geoserver/geoserver/releases/tag/2.22.5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5"
},
{
"name": "https://github.com/geoserver/geoserver/releases/tag/2.23.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"lessThan": "2.22.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.23.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T17:56:27.424894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:00:37.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.22.5"
},
{
"status": "affected",
"version": "\u003e= 2.23.0, \u003c 2.23.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=\u003curl\u003e`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied \"dynamic styling\". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T20:15:17.428Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf"
},
{
"name": "https://github.com/geoserver/geoserver/releases/tag/2.22.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5"
},
{
"name": "https://github.com/geoserver/geoserver/releases/tag/2.23.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2"
}
],
"source": {
"advisory": "GHSA-cqpc-x2c6-2gmf",
"discovery": "UNKNOWN"
},
"title": "Unsecured WMS dynamic styling sld=\u003curl\u003e parameter affords blind unauthenticated SSRF in GeoServer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41339",
"datePublished": "2023-10-24T20:15:17.428Z",
"dateReserved": "2023-08-28T16:56:43.368Z",
"dateUpdated": "2024-09-11T18:00:37.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24847 (GCVE-0-2022-24847)
Vulnerability from cvelistv5
Published
2022-04-13 21:20
Modified
2025-04-23 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:54:24.086363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:39:57.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.20.0, \u003c 2.20.4"
},
{
"status": "affected",
"version": "\u003c 2.19.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T21:20:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh"
}
],
"source": {
"advisory": "GHSA-4pm3-f52j-8ggh",
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation in GeoServer",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24847",
"STATE": "PUBLIC",
"TITLE": "Improper Input Validation in GeoServer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.20.0, \u003c 2.20.4"
},
{
"version_value": "\u003c 2.19.6"
}
]
}
}
]
},
"vendor_name": "geoserver"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh",
"refsource": "CONFIRM",
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh"
}
]
},
"source": {
"advisory": "GHSA-4pm3-f52j-8ggh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24847",
"datePublished": "2022-04-13T21:20:12.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:39:57.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35230 (GCVE-0-2024-35230)
Vulnerability from cvelistv5
Published
2024-12-16 22:18
Modified
2024-12-17 14:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35230",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T14:39:46.671847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T14:40:36.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.26.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T22:18:19.896Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6"
},
{
"name": "https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8"
},
{
"name": "https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920"
}
],
"source": {
"advisory": "GHSA-6pfc-w86r-54q6",
"discovery": "UNKNOWN"
},
"title": "Welcome and About GeoServer pages communicate version and revision information"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-35230",
"datePublished": "2024-12-16T22:18:19.896Z",
"dateReserved": "2024-05-14T15:39:41.785Z",
"dateUpdated": "2024-12-17T14:40:36.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30145 (GCVE-0-2025-30145)
Vulnerability from cvelistv5
Published
2025-06-10 14:58
Modified
2025-06-10 15:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf | x_refsource_CONFIRM | |
| https://github.com/geosolutions-it/jai-ext/pull/307 | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11778 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T15:16:16.672596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:16:31.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.26.0, \u003c 2.26.3"
},
{
"status": "affected",
"version": "\u003c 2.25.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T14:58:48.408Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf"
},
{
"name": "https://github.com/geosolutions-it/jai-ext/pull/307",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geosolutions-it/jai-ext/pull/307"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11778",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11778"
}
],
"source": {
"advisory": "GHSA-gr67-pwcv-76gf",
"discovery": "UNKNOWN"
},
"title": "GeoServer has an Infinite Loop Vulnerability in Jiffle process"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30145",
"datePublished": "2025-06-10T14:58:48.408Z",
"dateReserved": "2025-03-17T12:41:42.564Z",
"dateUpdated": "2025-06-10T15:16:31.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40625 (GCVE-0-2024-40625)
Vulnerability from cvelistv5
Published
2025-06-10 14:49
Modified
2025-06-10 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2 | x_refsource_CONFIRM | |
| https://osgeo-org.atlassian.net/browse/GEOS-11468 | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11717 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T14:54:52.333248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T14:55:09.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.26.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals \u0027url\u0027) with no restrict. This vulnerability is fixed in 2.26.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T14:49:05.368Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11468",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11468"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11717",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11717"
}
],
"source": {
"advisory": "GHSA-r4hf-r8gj-jgw2",
"discovery": "UNKNOWN"
},
"title": "GeoServer Coverage REST API Allows Server Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-40625",
"datePublished": "2025-06-10T14:49:05.368Z",
"dateReserved": "2024-07-08T16:13:15.510Z",
"dateUpdated": "2025-06-10T14:55:09.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25157 (GCVE-0-2023-25157)
Vulnerability from cvelistv5
Published
2023-02-21 21:00
Modified
2025-03-10 21:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf | x_refsource_CONFIRM | |
| https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf"
},
{
"name": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:59:02.658010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:07:17.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.22.0, \u003c 2.22.2"
},
{
"status": "affected",
"version": "\u003c 2.21.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-21T21:00:13.392Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf"
},
{
"name": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d"
}
],
"source": {
"advisory": "GHSA-7g5f-wrx8-5ccf",
"discovery": "UNKNOWN"
},
"title": "Unfiltered SQL Injection Vulnerabilities in Geoserver"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25157",
"datePublished": "2023-02-21T21:00:13.392Z",
"dateReserved": "2023-02-03T16:59:18.243Z",
"dateUpdated": "2025-03-10T21:07:17.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43795 (GCVE-0-2023-43795)
Vulnerability from cvelistv5
Published
2023-10-24 22:14
Modified
2024-09-17 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T13:52:43.998305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:15:26.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.22.5"
},
{
"status": "affected",
"version": "\u003e= 2.23.0, \u003c 2.23.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T22:14:30.956Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
}
],
"source": {
"advisory": "GHSA-5pr3-m5hm-9956",
"discovery": "UNKNOWN"
},
"title": "WPS Server Side Request Forgery in GeoServer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43795",
"datePublished": "2023-10-24T22:14:30.956Z",
"dateReserved": "2023-09-22T14:51:42.339Z",
"dateUpdated": "2024-09-17T14:15:26.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30220 (GCVE-0-2025-30220)
Vulnerability from cvelistv5
Published
2025-06-10 15:16
Modified
2025-06-10 17:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc | x_refsource_CONFIRM | |
| https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc | x_refsource_MISC | |
| https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw | x_refsource_MISC | |
| https://github.com/geonetwork/core-geonetwork/pull/8757 | x_refsource_MISC | |
| https://github.com/geonetwork/core-geonetwork/pull/8803 | x_refsource_MISC | |
| https://github.com/geonetwork/core-geonetwork/pull/8812 | x_refsource_MISC | |
| https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T17:13:03.887707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T17:13:09.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.27.0, \u003c 2.27.1"
},
{
"status": "affected",
"version": "\u003e= 2.26.0, \u003c 2.26.3"
},
{
"status": "affected",
"version": "\u003c 2.25.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:16:39.339Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc"
},
{
"name": "https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc"
},
{
"name": "https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw"
},
{
"name": "https://github.com/geonetwork/core-geonetwork/pull/8757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geonetwork/core-geonetwork/pull/8757"
},
{
"name": "https://github.com/geonetwork/core-geonetwork/pull/8803",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geonetwork/core-geonetwork/pull/8803"
},
{
"name": "https://github.com/geonetwork/core-geonetwork/pull/8812",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geonetwork/core-geonetwork/pull/8812"
},
{
"name": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities"
}
],
"source": {
"advisory": "GHSA-jj54-8f66-c5pc",
"discovery": "UNKNOWN"
},
"title": "GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30220",
"datePublished": "2025-06-10T15:16:39.339Z",
"dateReserved": "2025-03-18T18:15:13.851Z",
"dateUpdated": "2025-06-10T17:13:09.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29198 (GCVE-0-2024-29198)
Vulnerability from cvelistv5
Published
2025-06-10 14:27
Modified
2025-06-17 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw | x_refsource_CONFIRM | |
| https://osgeo-org.atlassian.net/browse/GEOS-11390 | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11794 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T14:34:24.822105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:12:00.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.24.4"
},
{
"status": "affected",
"version": "\u003e= 2.25.0, \u003c 2.25.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T14:27:39.485Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11390",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11390"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11794",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11794"
}
],
"source": {
"advisory": "GHSA-5gw5-jccf-6hxw",
"discovery": "UNKNOWN"
},
"title": "GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29198",
"datePublished": "2025-06-10T14:27:39.485Z",
"dateReserved": "2024-03-18T17:07:00.095Z",
"dateUpdated": "2025-06-17T19:12:00.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27505 (GCVE-0-2025-27505)
Vulnerability from cvelistv5
Published
2025-06-10 14:52
Modified
2025-06-10 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disclose whether certain extensions are installed. This vulnerability is fixed in 2.26.3 and 2.25.6. As a workaround, in ${GEOSERVER_DATA_DIR}/security/config.xml, change the paths for the rest filter to /rest.*,/rest/** and change the paths for the gwc filter to /gwc/rest.*,/gwc/rest/** and restart GeoServer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5 | x_refsource_CONFIRM | |
| https://github.com/geoserver/geoserver/pull/8170 | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11664 | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11776 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T15:01:26.113408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:01:45.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.26.0, \u003c 2.26.3"
},
{
"status": "affected",
"version": "\u003c 2.25.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disclose whether certain extensions are installed. This vulnerability is fixed in 2.26.3 and 2.25.6. As a workaround, in ${GEOSERVER_DATA_DIR}/security/config.xml, change the paths for the rest filter to /rest.*,/rest/** and change the paths for the gwc filter to /gwc/rest.*,/gwc/rest/** and restart GeoServer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T14:52:19.499Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5"
},
{
"name": "https://github.com/geoserver/geoserver/pull/8170",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/pull/8170"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11664",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11664"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11776",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11776"
}
],
"source": {
"advisory": "GHSA-h86g-x8mm-78m5",
"discovery": "UNKNOWN"
},
"title": "GeoServer Missing Authorization on REST API Index"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27505",
"datePublished": "2025-06-10T14:52:19.499Z",
"dateReserved": "2025-02-26T18:11:52.305Z",
"dateUpdated": "2025-06-10T15:01:45.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38524 (GCVE-0-2024-38524)
Vulnerability from cvelistv5
Published
2025-06-10 14:43
Modified
2025-06-10 14:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f | x_refsource_CONFIRM | |
| https://github.com/GeoWebCache/geowebcache/issues/1344 | x_refsource_MISC | |
| https://github.com/GeoWebCache/geowebcache/pull/1345 | x_refsource_MISC | |
| https://github.com/geoserver/geoserver/pull/8189 | x_refsource_MISC | |
| https://osgeo-org.atlassian.net/browse/GEOS-11677 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T14:56:50.768148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T14:56:58.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "geoserver",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.26.0, \u003c 2.26.2"
},
{
"status": "affected",
"version": "\u003c 2.25.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T14:43:04.590Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/issues/1344",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GeoWebCache/geowebcache/issues/1344"
},
{
"name": "https://github.com/GeoWebCache/geowebcache/pull/1345",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GeoWebCache/geowebcache/pull/1345"
},
{
"name": "https://github.com/geoserver/geoserver/pull/8189",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geoserver/geoserver/pull/8189"
},
{
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11677",
"tags": [
"x_refsource_MISC"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11677"
}
],
"source": {
"advisory": "GHSA-jm79-7xhw-6f6f",
"discovery": "UNKNOWN"
},
"title": "GWC Home Page communicate version and revision information"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-38524",
"datePublished": "2025-06-10T14:43:04.590Z",
"dateReserved": "2024-06-18T16:37:02.728Z",
"dateUpdated": "2025-06-10T14:56:58.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-05-02 00:15
Modified
2024-11-21 06:24
Severity ?
Summary
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3 | Patch, Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/geoserver/geoserver/releases | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://osgeo-org.atlassian.net/browse/GEOS-10229 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3 | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/geoserver/geoserver/releases | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://osgeo-org.atlassian.net/browse/GEOS-10229 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508 | Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEC9097-506C-465A-B732-B344EF88441B",
"versionEndIncluding": "2.18.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6F334E-A69B-4230-A7C2-C3D16C3DD436",
"versionEndExcluding": "2.19.3",
"versionStartIncluding": "2.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host."
},
{
"lang": "es",
"value": "GeoServer versiones hasta 2.18.5 y versiones 2.19.x hasta 2.19.2, permite un ataque de tipo SSRF por medio de la opci\u00f3n de establecer un host proxy"
}
],
"id": "CVE-2021-40822",
"lastModified": "2024-11-21T06:24:50.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-02T00:15:08.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-10229"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-10229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 15:15
Modified
2025-08-26 16:22
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2 | Third Party Advisory | |
| security-advisories@github.com | https://osgeo-org.atlassian.net/browse/GEOS-11468 | Issue Tracking, Patch | |
| security-advisories@github.com | https://osgeo-org.atlassian.net/browse/GEOS-11717 | Permissions Required |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C620D5-39EE-4F8B-92DA-64E0D62AF802",
"versionEndExcluding": "2.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals \u0027url\u0027) with no restrict. This vulnerability is fixed in 2.26.0."
},
{
"lang": "es",
"value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. La API REST de Coverage /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} permite a los atacantes cargar archivos con una URL espec\u00edfica (donde {method} equivale a \u0027url\u0027) sin restricciones. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 2.26.0."
}
],
"id": "CVE-2024-40625",
"lastModified": "2025-08-26T16:22:20.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-10T15:15:23.043",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11468"
},
{
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11717"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-16 23:15
Modified
2025-08-26 16:48
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FDA5C77-43D4-4371-B02B-CDE2A796FC40",
"versionEndExcluding": "2.25.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. En las versiones afectadas, la p\u00e1gina de bienvenida y la p\u00e1gina de informaci\u00f3n incluyen informaci\u00f3n sobre la versi\u00f3n y la revisi\u00f3n del software en uso (incluida la librer\u00eda y los componentes utilizados). Esta informaci\u00f3n es confidencial desde el punto de vista de la seguridad porque permite identificar f\u00e1cilmente el software utilizado por el servidor. Este problema se ha corregido en la versi\u00f3n 2.26.0 y se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-35230",
"lastModified": "2025-08-26T16:48:42.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-16T23:15:06.467",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory",
"Exploit"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory",
"Exploit"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 15:15
Modified
2025-08-26 16:11
Severity ?
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0B3A06-FC80-4BDD-8E00-1AE8D51A5930",
"versionEndExcluding": "2.25.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "657234C4-41D0-4CD9-B1DD-BBF565C608C6",
"versionEndExcluding": "2.26.3",
"versionStartIncluding": "2.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process."
},
{
"lang": "es",
"value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. GeoServer puede ejecutar scripts Jiffle maliciosos, ya sea como una transformaci\u00f3n de renderizado en estilos din\u00e1micos WMS o como un proceso WPS, que pueden entrar en un bucle infinito y provocar una denegaci\u00f3n de servicio. Esta vulnerabilidad se ha corregido en las versiones 2.27.0, 2.26.3 y 2.25.7. Esta vulnerabilidad se puede mitigar deshabilitando los estilos din\u00e1micos WMS y el proceso Jiffle."
}
],
"id": "CVE-2025-30145",
"lastModified": "2025-08-26T16:11:23.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-06-10T15:15:24.070",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/geosolutions-it/jai-ext/pull/307"
},
{
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11778"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 15:15
Modified
2025-08-26 16:24
Severity ?
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default, GeoServer use PreventLocalEntityResolver class from GeoTools to filter out malicious URIs in XML entities before resolving them. The URI must match the regex (?i)(jar:file|http|vfs)[^?#;]*\\.xsd. But the regex leaves a chance for attackers to request to any HTTP server or limited file. Attacker can abuse this to scan internal networks and gain information about them then exploit further. GeoServer 2.25.0 and greater default to the use of ENTITY_RESOLUTION_ALLOWLIST and does not require you to provide a system property.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6112339F-79B4-4735-B2BE-345BE4F81FD4",
"versionEndExcluding": "2.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default, GeoServer use PreventLocalEntityResolver class from GeoTools to filter out malicious URIs in XML entities before resolving them. The URI must match the regex (?i)(jar:file|http|vfs)[^?#;]*\\\\.xsd. But the regex leaves a chance for attackers to request to any HTTP server or limited file. Attacker can abuse this to scan internal networks and gain information about them then exploit further. GeoServer 2.25.0 and greater default to the use of ENTITY_RESOLUTION_ALLOWLIST and does not require you to provide a system property."
},
{
"lang": "es",
"value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. Existe una vulnerabilidad de validaci\u00f3n de URI incorrecta que permite a un atacante no autorizado realizar un ataque de Entidades Externas XML (XEE) y enviar una solicitud GET a cualquier servidor HTTP. De forma predeterminada, GeoServer utiliza la clase PreventLocalEntityResolver de GeoTools para filtrar URI maliciosos en entidades XML antes de resolverlos. El URI debe coincidir con la expresi\u00f3n regular (?i)(jar:file|http|vfs)[^?#;]*\\\\.xsd. Sin embargo, la expresi\u00f3n regular permite a los atacantes realizar solicitudes a cualquier servidor HTTP o archivo limitado. Un atacante puede aprovechar esto para escanear redes internas, obtener informaci\u00f3n sobre ellas y luego explotarla. GeoServer 2.25.0 y versiones posteriores utilizan ENTITY_RESOLUTION_ALLOWLIST de forma predeterminada y no requieren que se proporcione una propiedad del sistema."
}
],
"id": "CVE-2024-34711",
"lastModified": "2025-08-26T16:24:18.393",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-10T15:15:22.710",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-611"
},
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-25 18:17
Modified
2024-11-21 08:21
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB82E9C-10E3-41B9-AA40-80D45DC3989F",
"versionEndExcluding": "2.22.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765C2F28-6A4F-42C4-AA52-D984D0F2F0A6",
"versionEndExcluding": "2.23.2",
"versionStartIncluding": "2.23.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=\u003curl\u003e`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied \"dynamic styling\". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2."
},
{
"lang": "es",
"value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. La especificaci\u00f3n WMS define un par\u00e1metro ``sld=`` para las operaciones GetMap, GetLegendGraphic y GetFeatureInfo para el \"estilo din\u00e1mico\" proporcionado por el usuario. Habilitar el uso de estilos din\u00e1micos, sin configurar tambi\u00e9n comprobaciones de URL, brinda la oportunidad de Server-Side Request Forgery (SSRF). Esta vulnerabilidad se puede utilizar para robar hashes NetNTLMv2 del usuario que podr\u00edan transmitirse o descifrarse externamente para obtener m\u00e1s acceso. Esta vulnerabilidad ha sido parcheada en las versiones 2.22.5 y 2.23.2."
}
],
"id": "CVE-2023-41339",
"lastModified": "2024-11-21T08:21:06.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:30.840",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 16:15
Modified
2025-08-26 16:10
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:geotools:geotools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "319F63C7-7B2E-43CB-A91D-536D0D5D66BE",
"versionEndExcluding": "28.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:geotools:geotools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26F4D869-28DC-4F07-A122-B93D948EBBCF",
"versionEndExcluding": "31.7",
"versionStartIncluding": "29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:geotools:geotools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C145224-639E-45FB-8413-C1570B9F23B6",
"versionEndExcluding": "32.3",
"versionStartIncluding": "32.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:geotools:geotools:33.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F0CB7-D8DF-44D3-9967-34A73AF85BAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geonetwork:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3595E000-B460-4BA9-AC3E-A8678FBD9899",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geonetwork:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B335EE-0493-44DE-A385-141AA2E777E7",
"versionEndExcluding": "4.4.8",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0B3A06-FC80-4BDD-8E00-1AE8D51A5930",
"versionEndExcluding": "2.25.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "657234C4-41D0-4CD9-B1DD-BBF565C608C6",
"versionEndExcluding": "2.26.3",
"versionStartIncluding": "2.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:2.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F80D593-ADBB-46EC-B1DC-F154B6385E22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13."
},
{
"lang": "es",
"value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. El uso de la librer\u00eda XSD de Eclipse por parte de la clase Esquema de GeoTools para representar la estructura de datos del esquema es vulnerable a la vulnerabilidad de Entidad Externa XML (XXE). Esto afecta a quien exponga el procesamiento XML con gt-xsd-core involucrado en el an\u00e1lisis, cuando los documentos contienen una referencia a un esquema XML externo. La clase Esquemas de gt-xsd-core no utiliza el EntityResolver proporcionado por ParserHandler (si se configur\u00f3 alguno). Esto tambi\u00e9n afecta a los usuarios del almac\u00e9n de datos gt-wfs-ng donde el par\u00e1metro de conexi\u00f3n ENTITY_RESOLVER no se utilizaba correctamente. Esta vulnerabilidad est\u00e1 corregida en GeoTools 33.1, 32.3, 31.7 y 28.6.1, GeoServer 2.27.1, 2.26.3 y 2.25.7, y GeoNetwork 4.4.8 y 4.2.13."
}
],
"id": "CVE-2025-30220",
"lastModified": "2025-08-26T16:10:11.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.3,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-10T16:15:37.387",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/geonetwork/core-geonetwork/pull/8757"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/geonetwork/core-geonetwork/pull/8803"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/geonetwork/core-geonetwork/pull/8812"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
},
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 15:15
Modified
2025-08-26 16:22
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C79E71-6482-4819-8739-A29E637FDBBB",
"versionEndExcluding": "2.25.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C466E73-8D7A-46B1-9997-8DBCDEF1D643",
"versionEndExcluding": "2.26.2",
"versionStartIncluding": "2.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6."
},
{
"lang": "es",
"value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) no cuenta con ninguna comprobaci\u00f3n para ocultar informaci\u00f3n potencialmente confidencial a los usuarios, excepto por una propiedad oculta del sistema que oculta las ubicaciones de almacenamiento y las muestra por defecto. Esta vulnerabilidad se corrigi\u00f3 en las versiones 2.26.2 y 2.25.6."
}
],
"id": "CVE-2024-38524",
"lastModified": "2025-08-26T16:22:42.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-10T15:15:22.880",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/GeoWebCache/geowebcache/issues/1344"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/GeoWebCache/geowebcache/pull/1345"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/geoserver/geoserver/pull/8189"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11677"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-21 22:15
Modified
2024-11-21 07:49
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC1A80B-98D3-4625-8819-EA1B81CE00F8",
"versionEndExcluding": "2.18.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA3065D-87A8-4DC1-8E2D-0FFEF02CAC79",
"versionEndExcluding": "2.19.7",
"versionStartIncluding": "2.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10778C77-EB5C-4F66-B915-67BF09BDD364",
"versionEndExcluding": "2.20.7",
"versionStartIncluding": "2.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CDCB1FA-BF94-4CB6-BC14-C38777BCDB89",
"versionEndExcluding": "2.21.4",
"versionStartIncluding": "2.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "873D8AE3-D184-486E-86AB-E0D00454C533",
"versionEndExcluding": "2.22.2",
"versionStartIncluding": "2.22.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse."
},
{
"lang": "es",
"value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. GeoServer incluye soporte para el lenguaje de expresi\u00f3n de filtro OGC y el lenguaje de consulta com\u00fan (CQL) de OGC como parte de los protocolos Web Feature Service (WFS) y Web Map Service (WMS). CQL tambi\u00e9n es compatible a trav\u00e9s del protocolo Web Coverage Service (WCS) para coberturas de ImageMosaic. Se recomienda a los usuarios que actualicen a la versi\u00f3n 2.21.4 o 2.22.2 para resolver este problema. Los usuarios que no puedan actualizar deben deshabilitar la configuraci\u00f3n *encode funciones* de PostGIS Datastore para mitigar el mal uso de ``strEndsWith``, ``strStartsWith`` y ``PropertyIsLike `` y habilitar la configuraci\u00f3n *preparedStatements* de PostGIS DataStore para mitigar ``FeatureId` `mal uso."
}
],
"id": "CVE-2023-25157",
"lastModified": "2024-11-21T07:49:13.160",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-21T22:15:10.620",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 15:15
Modified
2025-08-26 16:11
Severity ?
Summary
GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disclose whether certain extensions are installed. This vulnerability is fixed in 2.26.3 and 2.25.6. As a workaround, in ${GEOSERVER_DATA_DIR}/security/config.xml, change the paths for the rest filter to /rest.*,/rest/** and change the paths for the gwc filter to /gwc/rest.*,/gwc/rest/** and restart GeoServer.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C79E71-6482-4819-8739-A29E637FDBBB",
"versionEndExcluding": "2.25.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "657234C4-41D0-4CD9-B1DD-BBF565C608C6",
"versionEndExcluding": "2.26.3",
"versionStartIncluding": "2.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disclose whether certain extensions are installed. This vulnerability is fixed in 2.26.3 and 2.25.6. As a workaround, in ${GEOSERVER_DATA_DIR}/security/config.xml, change the paths for the rest filter to /rest.*,/rest/** and change the paths for the gwc filter to /gwc/rest.*,/gwc/rest/** and restart GeoServer."
},
{
"lang": "es",
"value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. Es posible eludir la seguridad predeterminada de la API REST y acceder a la p\u00e1gina de \u00edndice. La seguridad de la API REST gestiona rest y sus subrutas, pero no rest con una extensi\u00f3n (p. ej., rest.html). El \u00edndice de la API REST puede revelar si ciertas extensiones est\u00e1n instaladas. Esta vulnerabilidad se corrigi\u00f3 en las versiones 2.26.3 y 2.25.6. Como soluci\u00f3n alternativa, en ${GEOSERVER_DATA_DIR}/security/config.xml, cambie las rutas del filtro rest a /rest.*,/rest/** y las del filtro gwc a /gwc/rest.*,/gwc/rest/** y reinicie GeoServer."
}
],
"id": "CVE-2025-27505",
"lastModified": "2025-08-26T16:11:55.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-06-10T15:15:23.903",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/geoserver/geoserver/pull/8170"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11664"
},
{
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11776"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-13 22:15
Modified
2024-11-21 06:51
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh | Mitigation, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D94AA9B-3DD0-4357-823B-75971C6C0844",
"versionEndExcluding": "2.19.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8D49ED-70B2-4FFA-BF72-78F0A2A1063D",
"versionEndExcluding": "2.20.4",
"versionStartIncluding": "2.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible."
},
{
"lang": "es",
"value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a usuarios compartir y editar datos geoespaciales. El mecanismo de seguridad de GeoServer puede llevar a cabo una b\u00fasqueda JNDI no verificada, que a su vez puede ser usada para llevar a cabo una deserializaci\u00f3n de clases y resultar en una ejecuci\u00f3n de c\u00f3digo arbitrario. Lo mismo puede ocurrir mientras son configurados los almacenes de datos con fuentes de datos ubicadas en JNDI, o mientras es configurado el mecanismo de cuota de disco. Para llevar a cabo cualquiera de los cambios anteriores, el ataque necesita haber obtenido derechos de administrador y usar la GUI de GeoServer, o su API REST. Las b\u00fasquedas van a ser restringidas en GeoServer versiones 2.21.0, 2.20.4, 1.19.6. Los usuarios que no puedan actualizar deber\u00e1n restringir el acceso a \"geoserver/web\" y \"geoserver/rest\" por medio de un firewall y asegurarse de que el GeoWebCache no es accesible de forma remota"
}
],
"id": "CVE-2022-24847",
"lastModified": "2024-11-21T06:51:13.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-13T22:15:08.400",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-917"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-25 18:17
Modified
2024-11-21 08:24
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956 | Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB82E9C-10E3-41B9-AA40-80D45DC3989F",
"versionEndExcluding": "2.22.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765C2F28-6A4F-42C4-AA52-D984D0F2F0A6",
"versionEndExcluding": "2.23.2",
"versionStartIncluding": "2.23.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."
},
{
"lang": "es",
"value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. La especificaci\u00f3n del Servicio de procesamiento web (WPS) de OGC est\u00e1 dise\u00f1ada para procesar informaci\u00f3n de cualquier servidor mediante solicitudes GET y POST. Esto presenta la oportunidad de falsificar solicitudes del lado del servidor. Esta vulnerabilidad ha sido parcheada en las versiones 2.22.5 y 2.23.2."
}
],
"id": "CVE-2023-43795",
"lastModified": "2024-11-21T08:24:48.003",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:32.180",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 15:15
Modified
2025-08-26 16:25
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw | Mitigation, Third Party Advisory | |
| security-advisories@github.com | https://osgeo-org.atlassian.net/browse/GEOS-11390 | Issue Tracking | |
| security-advisories@github.com | https://osgeo-org.atlassian.net/browse/GEOS-11794 | Permissions Required |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF88E5A1-8701-48D6-9770-6AF7E83F9837",
"versionEndExcluding": "2.24.4",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72B34DF6-4739-47A2-A8D0-9E63879F0858",
"versionEndExcluding": "2.25.2",
"versionStartIncluding": "2.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue."
},
{
"lang": "es",
"value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Es posible realizar Service Side Request Forgery (SSRF) a trav\u00e9s del endpoint de la solicitud de demostraci\u00f3n si no se ha configurado la URL base del proxy. La actualizaci\u00f3n a GeoServer 2.24.4 o 2.25.2 elimina el servlet TestWfsPost, lo que soluciona este problema."
}
],
"id": "CVE-2024-29198",
"lastModified": "2025-08-26T16:25:00.947",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-10T15:15:22.140",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11390"
},
{
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
],
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11794"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}