Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2025/06/12 3:21 p.m.4 views

CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

8.2CVSS7.5AI score0.01923EPSS
Exploits0References1
NVD
NVD
added 2025/06/10 3:15 p.m.10 views

CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

8.2CVSS0.01923EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/10 2:27 p.m.30 views

CVE-2024-29198 GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

7.5CVSS0.01923EPSS
Exploits0References3
CVE
CVE
added 2025/06/10 2:27 p.m.105 views

CVE-2024-29198

CVE-2024-29198 affects GeoServer via an unauthenticated SSRF vulnerability in the Demo Request endpoint when Proxy Base URL is not set. The root cause is insufficient validation/controls in the TestWfsPost path, allowing the server to issue requests on behalf of an attacker to internal networks o...

8.2CVSS7.5AI score0.01923EPSS
In wildExploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/10 2:27 p.m.6 views

CVE-2024-29198 GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

7.5CVSS7.1AI score0.01923EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/06/10 2:13 p.m.29 views

GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost

Summary It possible to achieve Service Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. Details A unauthenticated user can supply a request that will be issued by the server. This can be used to enumerate internal networks and also in the case of cloud...

8.2CVSS7AI score0.01923EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.7 views

PT-2025-24660 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.24.4 GeoServer versions prior to 2.25.2 Description: The issue allows for Service Side Request Forgery SSRF via the Demo request endpoint if the Proxy Base URL has not been set. This can be used by an...

8.2CVSS6.3AI score0.18925EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/05/23 5:14 a.m.13 views

CVE-2023-41339

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles,...

8.6CVSS6.9AI score0.00514EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/24 8:15 p.m.18 views

CVE-2023-41339 Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles,...

8.6CVSS6.9AI score0.00514EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2021/04/21 12:0 a.m.415 views

Hasura GraphQL 1.3.3 Server-Side Request Forgery

Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1'...

1AI score
Exploits0
0day.today
0day.today
added 2021/04/21 12:0 a.m.82 views

Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF) Exploit

Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPORT = 80...

0.8AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.778 views

Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)

Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1'...

7.4AI score
Exploits0
Rows per page
Query Builder