CVE-2024-27091 GeoNode stored XSS to full account takeover
GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GeoNode where the current rich text editor is vulnerable to Stored XSS. The application's cookies are set securely, but it is possible to retrieve a victim's...
PT-2024-21642
Name of the Vulnerable Software and Affected Versions: GeoNode versions prior to 4.2.3. Description: The issue exists within GeoNode, a geospatial content management system, where the current rich text editor is vulnerable to Stored XSS. This allows an attacker to retrieve a victim's CSRF token and...
GeoNode Cross-Site Scripting Vulnerability
GeoNode is an open source platform that facilitates the creation, sharing and collaborative use of geospatial data. GeoNode suffers from a cross-site scripting vulnerability that stems from the rich text editor's susceptibility to cross-site scripting attacks, which can be exploited by an attacke...
django-filebrowser (=3.13.2), geonode (=3.3.3) +2 more potentially affected by CVE-2021-46898 via django-grappelli (>=2.10.1 <=2.15.1)
django-grappelli PYPI version =2.10.1, =6.5.0, =1.12.1, =1.13.0.dev10 Source cves: CVE-2021-46898 Source advisory: OSV:GHSA-9X43-5QCQ-H79Q...
django-filebrowser (=3.13.2), geonode (=3.3.3) +2 more potentially affected by CVE-2021-46898 via django-grappelli (>=2.10.1 <=2.15.1)
django-grappelli PYPI version =2.10.1, =6.5.0, =1.12.1, =1.13.0.dev10 Source cves: CVE-2021-46898 Source advisory: OSV:PYSEC-2023-211...
Server Side Request Forgery
GeoNode is vulnerable to Server Side Request Forgery. The vulnerability is due to bypassing the existing application whitelist using the @ or %40 character as a credential to the host geoserver on port 8080. This can be exploited by the attacker to fetch internal sensitive resources...
GHSA-PXG5-H34R-7Q8P GeoNode vulnerable to SSRF Bypass to return internal host data
A SSRF vulnerability exists, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. The application is using a whitelist, but the whitelist can be bypassed with @ and encoded value of @ %4...
Server-Side Request Forgery (SSRF)
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
CVE-2023-42439
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
Server-Side Request Forgery (SSRF)
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
PYSEC-2023-176
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
CVE-2023-42439 GeoNode SSRF Bypass to return internal host data
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
CVE-2023-42439
GeoNode CVE-2023-42439 describes a Server-Side Request Forgery (SSRF) bypass vulnerability that bypasses the whitelist by manipulating the first host into a whitelisted address using @ or %40 as credentials to the geoserver (port 8080). The result is a full read SSRF that can return data from int...
GeoNode Code Issue Vulnerability
GeoNode is an open source platform that facilitates the creation, sharing and collaborative use of geospatial data. A code issue vulnerability exists in GeoNode that stems from the presence of a cross-site request forgery vulnerability that can bypass existing controls on the software...
PT-2023-28341
Name of the Vulnerable Software and Affected Versions: GeoNode versions 3.2.0 through 4.1.3 Description: A SSRF vulnerability exists, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network...
Server-Side Request Forgery (SSRF)
GeoNode is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability allows an attacker to make unauthorized requests to arbitrary hosts on an internal network via the /proxy/?url= endpoint, which could be used to steal sensitive data, launch denial-of-service attacks, or possibly execute...
CVE-2023-40017
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...