Lucene search
China National Vulnerability DatabaseCNVD-2024-14579HistoryMar 22, 2024 - 12:00 a.m.
GeoServer Arbitrary File Upload Vulnerability
2024-03-2200:00:00
China National Vulnerability Database
www.cnvd.org.cn
50
geoserver
file upload
vulnerability
remote code execution
rest api
GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application’s lack of effective authentication of uploaded files. An authenticated attacker can exploit this vulnerability to modify the storage via the REST Coverage Store API to upload arbitrary file content to an arbitrary file location, resulting in remote code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| geoserver geoserver | lt | 2.23.4 | |
| geoserver geoserver | lt | 2.24.1 |
Related
osv
osv
CVE-2023-51444
2024-03-20 15:15:07
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
2024-03-20 14:54:59
github
github
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
2024-03-20 14:54:59
nvd
nvd
CVE-2023-51444
2024-03-20 15:15:07
cve
cve
CVE-2023-51444
2024-03-20 15:15:07
cvelist
cvelist