Lucene search
+L
GeosolutionsgroupGeonode

7 matches found

CVE
CVE
added 2023/02/27 8:37 p.m.127 views

CVE-2023-26043

CVE-2023-26043 is an XXE injection in GeoNode’s GeoServer style upload pathway that can lead to an authenticated Arbitrary File Read. The vulnerability stems from the server-side parsing of user-supplied SLD files (style uploads) without proper entity resolution, enabling an attacker to read file...

6.5CVSS6.6AI score0.00836EPSS
CVE
CVE
added 2023/09/15 8:22 p.m.111 views

CVE-2023-42439

GeoNode CVE-2023-42439 describes a Server-Side Request Forgery (SSRF) bypass vulnerability that bypasses the whitelist by manipulating the first host into a whitelisted address using @ or %40 as credentials to the geoserver (port 8080). The result is a full read SSRF that can return data from int...

7.5CVSS6.8AI score0.0078EPSS
CVE
CVE
added 2023/08/24 10:45 p.m.78 views

CVE-2023-40017

GeoNode versions 3.2.0–4.1.2 are affected by an SSRF vulnerability in the /proxy/?url= endpoint that enables port-scanning internal hosts and proxying data from internal services. Root cause is improper protection against SSRF. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499...

7.5CVSS7.4AI score0.00638EPSS
Web
CVE
CVE
added 2024/03/27 1:1 p.m.71 views

CVE-2024-27091

GeoNode's Stored XSS in the rich text editor is confirmed across multiple sources. The issue allows an attacker to retrieve a victim's CSRF token and trigger an email-change request, potentially leading to account takeover. Root cause: vulnerable rich text editor that does not mitigate XSS; impac...

6.1CVSS6.1AI score0.00376EPSS
CVE
CVE
added 2023/03/23 11:10 p.m.68 views

CVE-2023-28442

CVE-2023-28442 affects GeoNode (3 and 4) where anonymous users can retrieve sensitive configuration information from the Geoserver REST endpoint /geoserver/rest/about/status. Versions before 2.20.7 (also 2.19.6/2.18.7) are exposed due to Geoserver configuration for GeoNode leaving REST endpoints ...

7.5CVSS5.7AI score0.0064EPSS
CVE
CVE
added 2026/04/10 7:52 p.m.45 views

CVE-2026-39921

Technical details about CVE-2026-39921 (affected GeoNode versions, exact exploit steps, and remediation specifics) are not publicly provided in the supplied documents. Monitor for updates from official advisories.

6.3CVSS5.9AI score0.00222EPSS
CVE
CVE
added 2026/04/10 7:53 p.m.23 views

CVE-2026-39922

CVE-2026-39922 affects GeoNode 4.x (pre-4.4.5) and 5.x (pre-5.0.2). The issue is a server-side request forgery in the service registration endpoint, allowing authenticated attackers to submit crafted service URLs to trigger outbound requests to arbitrary URLs via the WMS service handler, bypassin...

6.3CVSS5.5AI score0.00172EPSS