Lucene search

27 matches found

added 2022/04/13 10:15 p.m. | 702 views

CVE-2022-24847

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can hap...

7.2 CVSS | 7.3 AI score | 0.00185 EPSS

added 2024/07/01 4:15 p.m. | 287 views

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer instal...

9.8 CVSS | 9.8 AI score | 0.94425 EPSS

added 2023/02/21 10:15 p.m. | 241 views

CVE-2023-25157

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQ...

9.8 CVSS | 9.4 AI score | 0.93789 EPSS

added 2024/03/20 3:15 p.m. | 140 views

CVE-2023-51444

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the RE...

7.2 CVSS | 7.3 AI score | 0.0284 EPSS

added 2023/10/25 6:17 p.m. | 104 views

CVE-2023-41339

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, withou...

8.6 CVSS | 6.8 AI score | 0.00133 EPSS

added 2023/10/25 6:17 p.m. | 100 views

CVE-2023-43795

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request F...

9.8 CVSS | 9.1 AI score | 0.907 EPSS

added 2024/03/20 6:15 p.m. | 99 views

CVE-2024-23642

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a Jav...

4.8 CVSS | 5.4 AI score | 0.00295 EPSS

added 2024/03/20 4:15 p.m. | 98 views

CVE-2023-51445

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a Jav...

4.8 CVSS | 4.9 AI score | 0.00531 EPSS

added 2024/03/20 4:15 p.m. | 96 views

CVE-2024-23634

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Cove...

6 CVSS | 6.8 AI score | 0.00648 EPSS

added 2024/03/20 6:15 p.m. | 88 views

CVE-2024-23821

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a Jav...

4.8 CVSS | 4.8 AI score | 0.0034 EPSS

added 2025/06/10 4:15 p.m. | 85 views

CVE-2025-30220

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in pa...

9.9 CVSS | 9.3 AI score | 0.08315 EPSS

added 2024/03/20 6:15 p.m. | 71 views

CVE-2024-23818

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a Jav...

4.8 CVSS | 4.8 AI score | 0.00333 EPSS

added 2024/03/20 3:15 p.m. | 70 views

CVE-2023-41877

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to...

7.2 CVSS | 7 AI score | 0.00232 EPSS

added 2024/03/20 6:15 p.m. | 70 views

CVE-2024-23643

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a Jav...

4.8 CVSS | 4.8 AI score | 0.00301 EPSS

added 2024/03/20 6:15 p.m. | 69 views

CVE-2024-23819

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a Jav...

4.8 CVSS | 5.3 AI score | 0.00295 EPSS

added 2025/06/10 3:15 p.m. | 66 views

CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfs...

7.5 CVSS | 7.5 AI score | 0.12325 EPSS

added 2024/07/01 3:15 p.m. | 66 views

CVE-2024-34696

GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative right...

4.9 CVSS | 5 AI score | 0.00218 EPSS

added 2024/03/20 4:15 p.m. | 65 views

CVE-2024-23640

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a Jav...

4.8 CVSS | 5.5 AI score | 0.00307 EPSS

added 2025/06/10 3:15 p.m. | 64 views

CVE-2024-40625

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified URL (with {method} equal to 'url') with no restriction. This vulnerabil...

5.5 CVSS | 5.3 AI score | 0.00048 EPSS

added 2024/12/16 11:15 p.m. | 52 views

CVE-2024-35230

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive...

5.3 CVSS | 5.1 AI score | 0.00144 EPSS

added 2025/06/10 3:15 p.m. | 50 views

CVE-2024-34711

GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform an XML External Entities (XXE) attack, then send a GET request to any HTTP server. By default, GeoServer uses PreventLoc...

9.3 CVSS | 9.2 AI score | 0.00043 EPSS

added 2025/06/10 3:15 p.m. | 49 views

CVE-2024-38524

GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the st...

5.3 CVSS | 5 AI score | 0.00044 EPSS

added 2024/07/01 2:15 p.m. | 47 views

CVE-2024-24749

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ...

7.5 CVSS | 7.7 AI score | 0.00189 EPSS

added 2023/06/12 3:15 p.m. | 44 views

CVE-2023-35042

GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.

9.8 CVSS | 9.7 AI score | 0.31141 EPSS

added 2025/06/10 3:15 p.m. | 43 views

CVE-2025-27505

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disc...

5.3 CVSS | 5.2 AI score | 0.01244 EPSS

added 2009/09/14 2:30 p.m. | 37 views

CVE-2008-7227

PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors.

5 CVSS | 6.7 AI score | 0.00305 EPSS

added 2025/06/10 3:15 p.m. | 35 views

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerabi...

7.5 CVSS | 7.3 AI score | 0.00054 EPSS