7 matches found
CVE-2024-23634
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...
GeoServer 2.24.0 < 2.24.1 Multiples Vulnerabilities
According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.2. It is, therefore, affected by Multiples Vulnerabilities : - An Arbitrary file upload vulnerability in REST Coverage Store API - A Stored Cross-Site Scripting XSS vulnerabilit...
GeoServer < 2.23.4 Multiples Vulnerabilities
According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.2. It is, therefore, affected by Multiples Vulnerabilities : - An Arbitrary file upload vulnerability in REST Coverage Store API - A Stored Cross-Site Scripting XSS vulnerabilit...
GHSA-9V5Q-2GWQ-Q9HQ Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
Summary An arbitrary file upload vulnerability exists that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Details Coverage...
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
Summary An arbitrary file upload vulnerability exists that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Details Coverage...
PT-2024-19986 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.5 and 2.24.2 Description: An arbitrary file renaming issue exists, allowing an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrar...
PT-2024-14126 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.4 and 2.24.1 Description: An arbitrary file upload vulnerability exists that enables an authenticated administrator with permissions to modify coverage stores through the "REST Coverage Store API" to upload...