CVE-2023-28442
CVE-2023-28442 affects GeoNode (3 and 4) where anonymous users can retrieve sensitive configuration information from the Geoserver REST endpoint /geoserver/rest/about/status. Versions before 2.20.7 (also 2.19.6/2.18.7) are exposed due to Geoserver configuration for GeoNode leaving REST endpoints ...