497 matches found

CVE
added 2024/03/20 3:7 p.m. · 154 views

CVE-2023-51444

GeoServer CVE-2023-51444 is an authenticated arbitrary file upload vulnerability in the REST Coverage Store API, present in versions prior to 2.23.4 and 2.24.1. An admin with permissions to modify coverage stores can upload arbitrary file contents to arbitrary locations, enabling remote code execution....

7.2 CVSS · 7.3 AI score · 0.01867 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2024/03/20 3:7 p.m. · 46 views

CVE-2023-51444 GeoServer arbitrary file upload vulnerability in REST Coverage Store API

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the...

7.2 CVSS · 7.6 AI score · 0.01867 EPSS
Exploits: 1 · References: 5

OSV
added 2024/03/20 3:7 p.m. · 18 views

CVE-2023-51444 GeoServer arbitrary file upload vulnerability in REST Coverage Store API

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the...

7.2 CVSS · 7.4 AI score · 0.01867 EPSS
Exploits: 1 · References: 7

Vulnrichment
added 2024/03/20 3:7 p.m. · 11 views

CVE-2023-51444 GeoServer arbitrary file upload vulnerability in REST Coverage Store API

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the...

7.2 CVSS · 7.4 AI score · 0.01867 EPSS
Exploits: 1 · References: 5

OSV
added 2024/03/20 3:6 p.m. · 16 views

GHSA-9RFR-PF2X-G4XF GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)

Summary: A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's...

4.8 CVSS · 4.9 AI score · 0.00426 EPSS
Exploits: 0 · References: 7

Github Security Blog
added 2024/03/20 3:1 p.m. · 20 views

GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API

Summary: An arbitrary file renaming vulnerability exists that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in ".zip". Details: Store file uploads...

6 CVSS · 7.2 AI score · 0.00694 EPSS
Exploits: 1 · References: 7 · Affected Software: 1

OSV
added 2024/03/20 2:58 p.m. · 18 views

GHSA-FH7P-5F6G-VJ2W Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API

Summary: A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST...

4.8 CVSS · 5 AI score · 0.00487 EPSS
Exploits: 1 · References: 6

Github Security Blog
added 2024/03/20 2:58 p.m. · 26 views

Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API

Summary: A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST...

4.8 CVSS · 5.6 AI score · 0.00487 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

OSV
added 2024/03/20 2:54 p.m. · 29 views

GHSA-9V5Q-2GWQ-Q9HQ Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API

Summary: An arbitrary file upload vulnerability exists that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Details: Coverage...

7.2 CVSS · 7.2 AI score · 0.01867 EPSS
Exploits: 1 · References: 7

Github Security Blog
added 2024/03/20 2:54 p.m. · 64 views

Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API

Summary: An arbitrary file upload vulnerability exists that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Details: Coverage...

7.2 CVSS · 7.7 AI score · 0.01867 EPSS
Exploits: 1 · References: 7 · Affected Software: 2

OSV
added 2024/03/20 2:45 p.m. · 38 views

GHSA-8G7V-VJRC-X4G5 GeoServer log file path traversal vulnerability

Impact: This vulnerability requires a GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. This can be used to read files via the admin console GeoServer Logs page. It is also possible to leverage RCE or cause...

7.2 CVSS · 6.9 AI score · 0.00841 EPSS
Exploits: 0 · References: 4

Github Security Blog
added 2024/03/20 2:45 p.m. · 39 views

GeoServer log file path traversal vulnerability

Impact: This vulnerability requires a GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. This can be used to read files via the admin console GeoServer Logs page. It is also possible to leverage RCE or cause...

7.2 CVSS · 7.2 AI score · 0.00841 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2024/03/20 2:27 p.m. · 18 views

CVE-2023-41877 GeoServer log file path traversal vulnerability

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...

7.2 CVSS · 7.1 AI score · 0.00841 EPSS
Exploits: 0 · References: 2

OSV
added 2024/03/20 2:27 p.m. · 6 views

CVE-2023-41877 GeoServer log file path traversal vulnerability

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...

7.2 CVSS · 6.7 AI score · 0.00841 EPSS
Exploits: 0 · References: 4

Cvelist
added 2024/03/20 2:27 p.m. · 18 views

CVE-2023-41877 GeoServer log file path traversal vulnerability

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...

7.2 CVSS · 7.2 AI score · 0.00841 EPSS
Exploits: 0 · References: 2

CVE
added 2024/03/20 2:27 p.m. · 80 views

CVE-2023-41877

GeoServer path traversal vulnerability (CVE-2023-41877) affects GeoServer 2.23.4 and earlier. The issue requires GeoServer Administrator access to misconfigure the Global Settings for log file location, enabling an attacker to view logs via the GeoServer Logs page. The core impact includes potent...

7.2 CVSS · 7 AI score · 0.00841 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2024/03/20 12:0 a.m. · 4 views

GeoServer Security Vulnerabilities

GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions prior to 2.23.3 and prior to 2.24.0, which stems from the presence of a stored cross-site scripting (XSS) vulnerability. An attacker...

4.8 CVSS · 5.8 AI score · 0.00426 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2024/03/20 12:0 a.m. · 75 views

PT-2024-19994 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.2 and 2.24.1. Description: A stored cross-site scripting (XSS) issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog. This...

4.8 CVSS · 5.8 AI score · 0.00426 EPSS
Exploits: 0 · References: 12

Positive Technologies
added 2024/03/20 12:0 a.m. · 3 views

PT-2024-14127 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.3 and 2.24.0. Description: A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/lege...

4.8 CVSS · 5.5 AI score · 0.00487 EPSS
Exploits: 1 · References: 10

CNNVD
added 2024/03/20 12:0 a.m. · 4 views

GeoServer Path Traversal Vulnerability

GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A path traversal vulnerability exists in GeoServer 2.23.4 and earlier versions, which stems from an administrator misconfiguring the log file, resulting in a path traversal vulnerabilit...

7.2 CVSS · 6.7 AI score · 0.00841 EPSS
Exploits: 0 · References: 3