81 matches found
CVE-2023-40017 Geonode Server Side Request Forgery vulnerability
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...
CVE-2023-40017 Geonode Server Side Request Forgery vulnerability
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...
GeoNode 代码问题漏洞
GeoNode is an open source platform that facilitates the creation, sharing and collaborative use of geospatial data. A code issue vulnerability exists in GeoNode versions 3.2.0 through 4.1.2, which stems from a server request forgery SSRF vulnerability in the endpoint /proxy/?url=. An attacker cou...
CVE-2023-28442
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the /geoserver/rest/about/status...
Default configuration
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the /geoserver/rest/about/status...
CVE-2023-28442 Geoserver for GeoNode sensitive information leak
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the /geoserver/rest/about/status...
CVE-2023-28442 Geoserver for GeoNode sensitive information leak
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the /geoserver/rest/about/status...
CVE-2023-28442 Geoserver for GeoNode sensitive information leak
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the /geoserver/rest/about/status...
CVE-2023-28442
CVE-2023-28442 affects GeoNode (3 and 4) where anonymous users can retrieve sensitive configuration information from the Geoserver REST endpoint /geoserver/rest/about/status. Versions before 2.20.7 (also 2.19.6/2.18.7) are exposed due to Geoserver configuration for GeoNode leaving REST endpoints ...
GeoNode 信息泄露漏洞
GeoNode is an open source platform that facilitates the creation, sharing and collaborative use of geospatial data. An information disclosure vulnerability exists in GeoNode versions prior to 2.20.7, which stems from an anonymous user being able to obtain sensitive configuration-related informati...
CVE-2023-26043
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
PYSEC-2023-15
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
PYSEC-2023-15
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
cartoview (>=1.8.2 <=1.8.4) potentially affected by CVE-2023-26043 via geonode (>=2.10.4 <=2.8.1)
geonode PYPI version =2.10.4, =1.8.2, =1.8.4 Source cves: CVE-2023-26043 Source advisory: OSV:PYSEC-2023-15...
Xxe
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
CVE-2023-26043
CVE-2023-26043 is an XXE injection in GeoNode’s GeoServer style upload pathway that can lead to an authenticated Arbitrary File Read. The vulnerability stems from the server-side parsing of user-supplied SLD files (style uploads) without proper entity resolution, enabling an attacker to read file...
CVE-2023-26043 XML External Entity (XXE) injection in GeoServer style upload functionality
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
CVE-2023-26043 XML External Entity (XXE) injection in GeoServer style upload functionality
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
CVE-2023-26043 XML External Entity (XXE) injection in GeoServer style upload functionality
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
GeoServer 代码问题漏洞
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoNode versions prior to 4.0.3, which stems from the presence of an XML External Entity XXE injection vulnerability that can be exploited by an...