CVE-2023-5786

Published: Oct 26, 2023Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243592.

Affected (1)

Products: Geoserver: Geowebcache

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Geoserver Geowebcache	Before 1.15.1

Related CWEs

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (6)

https://github.com/Qxyday/GeoServe---unauthorized

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.243592

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.243592

Source: cna@vuldb.com

Third Party Advisory

https://github.com/Qxyday/GeoServe---unauthorized

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?ctiid.243592

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.243592

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.