CVE-2024-23634
CVE-2024-23634 (GeoServer) affects GeoServer versions prior to 2.23.5 and 2.24.2. An authenticated administrator with REST Coverage/Data Store API file-store permissions can rename arbitrary files/directories to names not ending in .zip. External uploads are particularly susceptible, risking deni...