Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2022-24846
HistoryApr 14, 2022 - 10:15 p.m.

CVE-2022-24846

2022-04-1422:15:07
Google
osv.dev
3

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.7%

JSON

GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local configuration file, in GeoServer a user interface is provided to perform the same, that can be accessed remotely, and requires admin-level login to be used. These lookup are unrestricted in scope and can lead to code execution. The lookups are going to be restricted in GeoWebCache 1.21.0, 1.20.2, 1.19.3.

CPENameOperatorVersion
geowebcacheeq1.20.0
geowebcacheeq1.20.1

Related

cve 1
nvd 1
cvelist 1
prion 1
cve
cve
CVE-2022-24846
2022-04-14 22:15:07
nvd
nvd
CVE-2022-24846
2022-04-14 22:15:07
cvelist
cvelist
CVE-2022-24846 Unchecked JNDI lookups in GeoWebCache
2022-04-14 21:20:10
prion
prion
Deserialization of untrusted data
2022-04-14 22:15:00

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.7%

JSON
Related for OSV:CVE-2022-24846
cve1nvd1cvelist1prion1