497 matches found
GeoServer Security Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions prior to 2.23.4 and prior to 2.24.1, which stems from the presence of a stored cross-site scripting (XSS) vulnerability...
GeoServer Security Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A cross-site scripting vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective filtering and escaping of user-supplied...
GeoServer Security Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective authentication of uploaded files. An...
GeoServer Security Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions prior to 2.23.5 and prior to 2.24.2, which stems from an arbitrary file renaming vulnerability that allows authenticated...
GeoServer Cross-Site Scripting Vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A cross-site scripting vulnerability exists in GeoServer versions prior to 2.23.3 and 2.24.0, which stems from a cross-site scripting vulnerability contained in the REST Resources API...
PT-2024-19986 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.5 and 2.24.2
Description: An arbitrary file renaming issue exists, allowing an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrar...
GeoServer Security Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions prior to 2.23.3 and prior to 2.24.1, which stems from the presence of a stored cross-site scripting (XSS) vulnerability...
PT-2024-13006 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.23.4 and prior
Description: A path traversal vulnerability requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin...
GeoServer Security Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions prior to 2.23.4 and prior to 2.24.1, which stems from the presence of a stored cross-site scripting (XSS) vulnerability...
GeoServer Security Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions prior to 2.23.2 and prior to 2.24.1 that stems from the presence of a stored cross-site scripting (XSS) vulnerability...
PT-2024-20099 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.3 and 2.24.1
Description: A stored cross-site scripting (XSS) issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog. This...
PT-2024-20100 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.4 and 2.24.1
Description: A stored cross-site scripting (XSS) issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog. This...
PT-2024-19993 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.4 and 2.24.1
Description: A stored cross-site scripting (XSS) issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog. This...
CVE-2023-51444
creationtimestamp | type | source
---|---|---
2024-03-19 19:14:24+00:00 | published-proof-of-concept | https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq...
CVE-2024-23634
creationtimestamp | type | source
---|---|---
2024-03-19 19:14:03+00:00 | published-proof-of-concept | https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx...
CVE-2023-51445
creationtimestamp | type | source
---|---|---
2024-03-19 19:13:06+00:00 | published-proof-of-concept | https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w...
PT-2024-5226 · Apache +1 · Apache Tomcat +1
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.5 and 2.24.3
Description: The issue is related to the GeoWebCache ByteStreamController class, where it is possible to bypass existing input validation and read arbitrary classpath resources with specific file...
VulnCheck KEV: CVE-2022-24816
OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution...
VulnCheck KEV: CVE-2021-40822
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...
GeoServer server-side request forgery vulnerability (CNVD-2024-14588)
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. GeoServer suffers from a server-side request forgery vulnerability that stems from the fact that the OGC Web Processing Service WPS specification is designed to process information from an...