CVE-2023-43795

nvd nist nuclei

Published: Oct 25, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.

Affected (2)

Products: Osgeo: Geoserver

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Osgeo Geoserver	Before 2.22.5
Osgeo Geoserver	From 2.23.0 to 2.23.2

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956

Source: security-advisories@github.com

MitigationVendor Advisory

https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.