81 matches found
Server Side Request Forgery
GeoNode is vulnerable to Server Side Request Forgery. The vulnerability is due to bypassing the existing application whitelist using the @ or %40 character as a credential to the host geoserver on port 8080. This can be exploited by the attacker to fetch internal sensitive resources...
GHSA-PXG5-H34R-7Q8P GeoNode vulnerable to SSRF Bypass to return internal host data
A SSRF vulnerability exists, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. the application is using a whitelist, but the whitelist can be bypassed with @ and encoded value of @ %4...
Server-Side Request Forgery (SSRF)
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
CVE-2023-42439
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
PYSEC-2023-176
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
Server side request forgery (ssrf)
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
PYSEC-2023-176
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
CVE-2023-42439 GeoNode SSRF Bypass to return internal host data
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
CVE-2023-42439
GeoNode CVE-2023-42439 describes a Server-Side Request Forgery (SSRF) bypass vulnerability that bypasses the whitelist by manipulating the first host into a whitelisted address using @ or %40 as credentials to the geoserver (port 8080). The result is a full read SSRF that can return data from int...
CVE-2023-42439 GeoNode SSRF Bypass to return internal host data
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
CVE-2023-42439 GeoNode SSRF Bypass to return internal host data
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
PT-2023-28341 · Geonode · Geonode
Name of the Vulnerable Software and Affected Versions: GeoNode versions 3.2.0 through 4.1.3 Description: A SSRF vulnerability exists, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network...
GeoNode Code Issues Vulnerabilities
GeoNode is an open source platform that facilitates the creation, sharing and collaborative use of geospatial data. A code issue vulnerability exists in GeoNode that stems from the presence of a cross-site request forgery vulnerability that can bypass existing controls on the software...
Server-Side Request Forgery (SSRF)
GeoNode is vulnerable to Server-Side Request Forgery SSRF. The vulnerability allows an attacker to make unauthorized requests to arbitrary hosts on an internal network via the /proxy/?url= endpoint, which could be used to steal sensitive data, launch denial-of-service attacks, or possibly execute...
CVE-2023-40017
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...
PYSEC-2023-269
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...
PYSEC-2023-269
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...
Server side request forgery (ssrf)
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...
CVE-2023-40017
GeoNode versions 3.2.0–4.1.2 are affected by an SSRF vulnerability in the /proxy/?url= endpoint that enables port-scanning internal hosts and proxying data from internal services. Root cause is improper protection against SSRF. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499...
CVE-2023-40017 Geonode Server Side Request Forgery vulnerability
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...