cnvd - cnvd-2024-14776

cnvd-2024-14776

Vulnerability from cnvd

Title: GeoServer输入验证错误漏洞

Description:

GeoServer是用Java编写的开源软件服务器。

GeoServer存在输入验证错误漏洞，攻击者可利用该执行未经检查的JNDI查找，进而可以用于执行类反序列化并导致任意代码执行。

Severity: 中

Patch Name: GeoServer输入验证错误漏洞的补丁

Patch Description:

GeoServer是用Java编写的开源软件服务器。

GeoServer存在输入验证错误漏洞，攻击者可利用该执行未经检查的JNDI查找，进而可以用于执行类反序列化并导致任意代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-24847

Impacted products

Name
['Geoserver Geoserver <2.19.6', 'Geoserver Geoserver >=2.20.0，<2.20.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-24847",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-24847"
    }
  },
  "description": "GeoServer\u662f\u7528Java\u7f16\u5199\u7684\u5f00\u6e90\u8f6f\u4ef6\u670d\u52a1\u5668\u3002\n\nGeoServer\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6267\u884c\u672a\u7ecf\u68c0\u67e5\u7684JNDI\u67e5\u627e\uff0c\u8fdb\u800c\u53ef\u4ee5\u7528\u4e8e\u6267\u884c\u7c7b\u53cd\u5e8f\u5217\u5316\u5e76\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-14776",
  "openTime": "2024-03-22",
  "patchDescription": "GeoServer\u662f\u7528Java\u7f16\u5199\u7684\u5f00\u6e90\u8f6f\u4ef6\u670d\u52a1\u5668\u3002\r\n\r\nGeoServer\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6267\u884c\u672a\u7ecf\u68c0\u67e5\u7684JNDI\u67e5\u627e\uff0c\u8fdb\u800c\u53ef\u4ee5\u7528\u4e8e\u6267\u884c\u7c7b\u53cd\u5e8f\u5217\u5316\u5e76\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GeoServer\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Geoserver Geoserver \u003c2.19.6",
      "Geoserver Geoserver \u003e=2.20.0\uff0c\u003c2.20.4"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-24847",
  "serverity": "\u4e2d",
  "submitTime": "2022-04-14",
  "title": "GeoServer\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2022-24847 (GCVE-0-2022-24847)

Vulnerability from cvelistv5

Published

2022-04-13 21:20

Modified

2025-04-23 18:39

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation

Summary

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible.

References

▼	URL	Tags
	https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	geoserver	geoserver	Version: >= 2.20.0, < 2.20.4 Version: < 2.19.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-24847",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:54:24.086363Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:39:57.625Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "geoserver",
          "vendor": "geoserver",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.20.0, \u003c 2.20.4"
            },
            {
              "status": "affected",
              "version": "\u003c 2.19.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-13T21:20:12.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh"
        }
      ],
      "source": {
        "advisory": "GHSA-4pm3-f52j-8ggh",
        "discovery": "UNKNOWN"
      },
      "title": "Improper Input Validation in GeoServer",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24847",
          "STATE": "PUBLIC",
          "TITLE": "Improper Input Validation in GeoServer"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "geoserver",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 2.20.0, \u003c 2.20.4"
                          },
                          {
                            "version_value": "\u003c 2.19.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "geoserver"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh",
              "refsource": "CONFIRM",
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-4pm3-f52j-8ggh",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-24847",
    "datePublished": "2022-04-13T21:20:12.000Z",
    "dateReserved": "2022-02-10T00:00:00.000Z",
    "dateUpdated": "2025-04-23T18:39:57.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted