Search

Find a vulnerability

Search criteria

    32 vulnerabilities found for geoserver by osgeo

    CVE-2025-58175 (GCVE-0-2025-58175)

    Vulnerability from nvd – Published: 2026-06-18 14:31 – Updated: 2026-06-18 15:26
    VLAI
    Title
    GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF). This vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RESOLUTION_ALLOWLIST` (default since 2.25.0). Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations are only affected by this vulnerability if they use a proxy base URL that does not contain a URL path or end with a slash. If the proxy base URL does not contain a path, adding a slash to the end of the URL will mitigate this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-611 - Improper Restriction of XML External Entity Reference
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    geoserver org.geoserver.web:gs-web-app Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    geoserver org.geoserver:gs-main Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T15:25:52.864367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T15:26:07.311Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "org.geoserver.web:gs-web-app",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            },
            {
              "product": "org.geoserver:gs-main",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF). This vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RESOLUTION_ALLOWLIST` (default since 2.25.0). Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations are only affected by this vulnerability if they use a proxy base URL that does not contain a URL path or end with a slash. If the proxy base URL does not contain a path, adding a slash to the end of the URL will mitigate this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T14:31:19.757Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-x4r9-gmw3-hxww",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-x4r9-gmw3-hxww"
            },
            {
              "name": "https://github.com/geoserver/geoserver/pull/8622",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/pull/8622"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11867",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11867"
            }
          ],
          "source": {
            "advisory": "GHSA-x4r9-gmw3-hxww",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-58175",
        "datePublished": "2026-06-18T14:31:19.757Z",
        "dateReserved": "2025-08-27T13:34:56.189Z",
        "dateUpdated": "2026-06-18T15:26:07.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52465 (GCVE-0-2025-52465)

    Vulnerability from nvd – Published: 2026-06-18 14:28 – Updated: 2026-06-24 03:56
    VLAI
    Title
    GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to the target file, the target file can not already exist and all parent directories must already exist. Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations where the web interface is either disabled or completely removed are not affected since the vulnerability exists in one of the web pages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    geoserver org.geoserver.web:gs-web-app Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    geoserver org.geoserver.web:gs-web-sec-core Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:00.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "org.geoserver.web:gs-web-app",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            },
            {
              "product": "org.geoserver.web:gs-web-sec-core",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer\u0027s security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to the target file, the target file can not already exist and all parent directories must already exist. Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations where the web interface is either disabled or completely removed are not affected since the vulnerability exists in one of the web pages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T14:28:41.270Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7qmg-grcp-qf25",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7qmg-grcp-qf25"
            },
            {
              "name": "https://github.com/geoserver/geoserver/pull/8584",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/pull/8584"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11852",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11852"
            },
            {
              "name": "https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild"
            }
          ],
          "source": {
            "advisory": "GHSA-7qmg-grcp-qf25",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-52465",
        "datePublished": "2026-06-18T14:28:41.270Z",
        "dateReserved": "2025-06-17T02:28:39.716Z",
        "dateUpdated": "2026-06-24T03:56:00.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27511 (GCVE-0-2025-27511)

    Vulnerability from nvd – Published: 2026-06-18 14:23 – Updated: 2026-06-24 03:56
    VLAI
    Title
    GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27511",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:02.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "org.geoserver.extension:gs-db2",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.27.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T14:23:01.788Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7"
            },
            {
              "name": "https://github.com/geoserver/geoserver/releases/tag/2.27.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/releases/tag/2.27.0"
            },
            {
              "name": "https://nvd.nist.gov/vuln/detail/cve-2023-27867",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27867"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOT-7725",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOT-7725"
            }
          ],
          "source": {
            "advisory": "GHSA-g628-r368-6vh7",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-27511",
        "datePublished": "2026-06-18T14:23:01.788Z",
        "dateReserved": "2025-02-26T18:11:52.306Z",
        "dateUpdated": "2026-06-24T03:56:02.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-30220 (GCVE-0-2025-30220)

    Vulnerability from nvd – Published: 2025-06-10 15:16 – Updated: 2025-06-10 17:13
    Title
    GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.27.0, < 2.27.1
    Affected: >= 2.26.0, < 2.26.3
    Affected: < 2.25.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T17:13:03.887707Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T17:13:09.180Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.26.0, \u003c 2.26.3"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.25.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T15:16:39.339Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc"
            },
            {
              "name": "https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc"
            },
            {
              "name": "https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw"
            },
            {
              "name": "https://github.com/geonetwork/core-geonetwork/pull/8757",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geonetwork/core-geonetwork/pull/8757"
            },
            {
              "name": "https://github.com/geonetwork/core-geonetwork/pull/8803",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geonetwork/core-geonetwork/pull/8803"
            },
            {
              "name": "https://github.com/geonetwork/core-geonetwork/pull/8812",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geonetwork/core-geonetwork/pull/8812"
            },
            {
              "name": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities"
            }
          ],
          "source": {
            "advisory": "GHSA-jj54-8f66-c5pc",
            "discovery": "UNKNOWN"
          },
          "title": "GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-30220",
        "datePublished": "2025-06-10T15:16:39.339Z",
        "dateReserved": "2025-03-18T18:15:13.851Z",
        "dateUpdated": "2025-06-10T17:13:09.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-30145 (GCVE-0-2025-30145)

    Vulnerability from nvd – Published: 2025-06-10 14:58 – Updated: 2025-06-10 15:16
    VLAI
    Title
    GeoServer has an Infinite Loop Vulnerability in Jiffle process
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.26.0, < 2.26.3
    Affected: < 2.25.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30145",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T15:16:16.672596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T15:16:31.100Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.26.0, \u003c 2.26.3"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.25.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and  the Jiffle process."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T14:58:48.408Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf"
            },
            {
              "name": "https://github.com/geosolutions-it/jai-ext/pull/307",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geosolutions-it/jai-ext/pull/307"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11778",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11778"
            }
          ],
          "source": {
            "advisory": "GHSA-gr67-pwcv-76gf",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer has an Infinite Loop Vulnerability in Jiffle process"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-30145",
        "datePublished": "2025-06-10T14:58:48.408Z",
        "dateReserved": "2025-03-17T12:41:42.564Z",
        "dateUpdated": "2025-06-10T15:16:31.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27505 (GCVE-0-2025-27505)

    Vulnerability from nvd – Published: 2025-06-10 14:52 – Updated: 2025-06-10 15:01
    Title
    GeoServer Missing Authorization on REST API Index
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disclose whether certain extensions are installed. This vulnerability is fixed in 2.26.3 and 2.25.6. As a workaround, in ${GEOSERVER_DATA_DIR}/security/config.xml, change the paths for the rest filter to /rest.*,/rest/** and change the paths for the gwc filter to /gwc/rest.*,/gwc/rest/** and restart GeoServer.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.26.0, < 2.26.3
    Affected: < 2.25.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27505",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T15:01:26.113408Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T15:01:45.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.26.0, \u003c 2.26.3"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.25.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disclose whether certain extensions are installed. This vulnerability is fixed in 2.26.3 and 2.25.6. As a workaround, in ${GEOSERVER_DATA_DIR}/security/config.xml, change the paths for the rest filter to /rest.*,/rest/** and change the paths for the gwc filter to /gwc/rest.*,/gwc/rest/** and restart GeoServer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T14:52:19.499Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5"
            },
            {
              "name": "https://github.com/geoserver/geoserver/pull/8170",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/pull/8170"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11664",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11664"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11776",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11776"
            }
          ],
          "source": {
            "advisory": "GHSA-h86g-x8mm-78m5",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer Missing Authorization on REST API Index"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-27505",
        "datePublished": "2025-06-10T14:52:19.499Z",
        "dateReserved": "2025-02-26T18:11:52.305Z",
        "dateUpdated": "2025-06-10T15:01:45.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-40625 (GCVE-0-2024-40625)

    Vulnerability from nvd – Published: 2025-06-10 14:49 – Updated: 2025-06-10 14:55
    VLAI
    Title
    GeoServer Coverage REST API Allows Server Side Request Forgery
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: < 2.26.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40625",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T14:54:52.333248Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T14:55:09.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals \u0027url\u0027) with no restrict. This vulnerability is fixed in 2.26.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T14:49:05.368Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11468",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11468"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11717",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11717"
            }
          ],
          "source": {
            "advisory": "GHSA-r4hf-r8gj-jgw2",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer Coverage REST API Allows Server Side Request Forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-40625",
        "datePublished": "2025-06-10T14:49:05.368Z",
        "dateReserved": "2024-07-08T16:13:15.510Z",
        "dateUpdated": "2025-06-10T14:55:09.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-38524 (GCVE-0-2024-38524)

    Vulnerability from nvd – Published: 2025-06-10 14:43 – Updated: 2025-06-10 14:56
    VLAI
    Title
    GWC Home Page communicate version and revision information
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.26.0, < 2.26.2
    Affected: < 2.25.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T14:56:50.768148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T14:56:58.139Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.26.0, \u003c 2.26.2"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.25.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T14:43:04.590Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f"
            },
            {
              "name": "https://github.com/GeoWebCache/geowebcache/issues/1344",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/GeoWebCache/geowebcache/issues/1344"
            },
            {
              "name": "https://github.com/GeoWebCache/geowebcache/pull/1345",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/GeoWebCache/geowebcache/pull/1345"
            },
            {
              "name": "https://github.com/geoserver/geoserver/pull/8189",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/pull/8189"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11677",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11677"
            }
          ],
          "source": {
            "advisory": "GHSA-jm79-7xhw-6f6f",
            "discovery": "UNKNOWN"
          },
          "title": "GWC Home Page communicate version and revision information"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-38524",
        "datePublished": "2025-06-10T14:43:04.590Z",
        "dateReserved": "2024-06-18T16:37:02.728Z",
        "dateUpdated": "2025-06-10T14:56:58.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-34711 (GCVE-0-2024-34711)

    Vulnerability from nvd – Published: 2025-06-10 14:33 – Updated: 2025-06-10 15:08
    VLAI
    Title
    GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default, GeoServer use PreventLocalEntityResolver class from GeoTools to filter out malicious URIs in XML entities before resolving them. The URI must match the regex (?i)(jar:file|http|vfs)[^?#;]*\\.xsd. But the regex leaves a chance for attackers to request to any HTTP server or limited file. Attacker can abuse this to scan internal networks and gain information about them then exploit further. GeoServer 2.25.0 and greater default to the use of ENTITY_RESOLUTION_ALLOWLIST and does not require you to provide a system property.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    • CWE-611 - Improper Restriction of XML External Entity Reference
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: < 2.25.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T15:08:02.959639Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T15:08:27.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.25.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default, GeoServer use PreventLocalEntityResolver class from GeoTools to filter out malicious URIs in XML entities before resolving them. The URI must match the regex (?i)(jar:file|http|vfs)[^?#;]*\\\\.xsd. But the regex leaves a chance for attackers to request to any HTTP server or limited file. Attacker can abuse this to scan internal networks and gain information about them then exploit further. GeoServer 2.25.0 and greater default to the use of ENTITY_RESOLUTION_ALLOWLIST and does not require you to provide a system property."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T14:33:18.872Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965"
            },
            {
              "name": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities"
            }
          ],
          "source": {
            "advisory": "GHSA-mc43-4fqr-c965",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-34711",
        "datePublished": "2025-06-10T14:33:18.872Z",
        "dateReserved": "2024-05-07T13:53:00.133Z",
        "dateUpdated": "2025-06-10T15:08:27.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-29198 (GCVE-0-2024-29198)

    Vulnerability from nvd – Published: 2025-06-10 14:27 – Updated: 2025-06-17 19:12
    VLAI
    Title
    GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost
    Summary
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.0.0, < 2.24.4
    Affected: >= 2.25.0, < 2.25.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29198",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T14:34:24.822105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T19:12:00.664Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0, \u003c 2.24.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.25.0, \u003c 2.25.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T14:27:39.485Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11390",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11390"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11794",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11794"
            }
          ],
          "source": {
            "advisory": "GHSA-5gw5-jccf-6hxw",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-29198",
        "datePublished": "2025-06-10T14:27:39.485Z",
        "dateReserved": "2024-03-18T17:07:00.095Z",
        "dateUpdated": "2025-06-17T19:12:00.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35230 (GCVE-0-2024-35230)

    Vulnerability from nvd – Published: 2024-12-16 22:18 – Updated: 2024-12-17 14:40
    VLAI
    Title
    Welcome and About GeoServer pages communicate version and revision information
    Summary
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.0.0, < 2.26.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35230",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-17T14:39:46.671847Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-17T14:40:36.212Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0, \u003c 2.26.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-16T22:18:19.896Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6"
            },
            {
              "name": "https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8"
            },
            {
              "name": "https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920"
            }
          ],
          "source": {
            "advisory": "GHSA-6pfc-w86r-54q6",
            "discovery": "UNKNOWN"
          },
          "title": "Welcome and About GeoServer pages communicate version and revision information"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-35230",
        "datePublished": "2024-12-16T22:18:19.896Z",
        "dateReserved": "2024-05-14T15:39:41.785Z",
        "dateUpdated": "2024-12-17T14:40:36.212Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43795 (GCVE-0-2023-43795)

    Vulnerability from nvd – Published: 2023-10-24 22:14 – Updated: 2024-09-17 14:15
    Title
    WPS Server Side Request Forgery in GeoServer
    Summary
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: < 2.22.5
    Affected: >= 2.23.0, < 2.23.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:52:11.081Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43795",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T13:52:43.998305Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:15:26.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.22.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.23.0, \u003c 2.23.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T22:14:30.956Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
            }
          ],
          "source": {
            "advisory": "GHSA-5pr3-m5hm-9956",
            "discovery": "UNKNOWN"
          },
          "title": "WPS Server Side Request Forgery in GeoServer"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-43795",
        "datePublished": "2023-10-24T22:14:30.956Z",
        "dateReserved": "2023-09-22T14:51:42.339Z",
        "dateUpdated": "2024-09-17T14:15:26.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41339 (GCVE-0-2023-41339)

    Vulnerability from nvd – Published: 2023-10-24 20:15 – Updated: 2024-09-11 18:00
    VLAI
    Title
    Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer
    Summary
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: < 2.22.5
    Affected: >= 2.23.0, < 2.23.2
    Create a notification for this product.
    geoserver geoserver Affected: 0 , < 2.22.5 (custom)
    Affected: 0 , < 2.23.2 (custom)
        cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:01:35.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf"
              },
              {
                "name": "https://github.com/geoserver/geoserver/releases/tag/2.22.5",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5"
              },
              {
                "name": "https://github.com/geoserver/geoserver/releases/tag/2.23.2",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "geoserver",
                "vendor": "geoserver",
                "versions": [
                  {
                    "lessThan": "2.22.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "2.23.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41339",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T17:56:27.424894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T18:00:37.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.22.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.23.0, \u003c 2.23.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=\u003curl\u003e`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied \"dynamic styling\".  Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T20:15:17.428Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf"
            },
            {
              "name": "https://github.com/geoserver/geoserver/releases/tag/2.22.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5"
            },
            {
              "name": "https://github.com/geoserver/geoserver/releases/tag/2.23.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2"
            }
          ],
          "source": {
            "advisory": "GHSA-cqpc-x2c6-2gmf",
            "discovery": "UNKNOWN"
          },
          "title": "Unsecured WMS dynamic styling sld=\u003curl\u003e parameter affords blind unauthenticated SSRF in GeoServer"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-41339",
        "datePublished": "2023-10-24T20:15:17.428Z",
        "dateReserved": "2023-08-28T16:56:43.368Z",
        "dateUpdated": "2024-09-11T18:00:37.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25157 (GCVE-0-2023-25157)

    Vulnerability from nvd – Published: 2023-02-21 21:00 – Updated: 2025-03-10 21:07
    VLAI
    Title
    Unfiltered SQL Injection Vulnerabilities in Geoserver
    Summary
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.22.0, < 2.22.2
    Affected: < 2.21.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:18:35.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf"
              },
              {
                "name": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-10T20:59:02.658010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-10T21:07:17.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.22.0, \u003c 2.22.2"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.21.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols.  CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-21T21:00:13.392Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf"
            },
            {
              "name": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d"
            }
          ],
          "source": {
            "advisory": "GHSA-7g5f-wrx8-5ccf",
            "discovery": "UNKNOWN"
          },
          "title": "Unfiltered SQL Injection Vulnerabilities in Geoserver"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-25157",
        "datePublished": "2023-02-21T21:00:13.392Z",
        "dateReserved": "2023-02-03T16:59:18.243Z",
        "dateUpdated": "2025-03-10T21:07:17.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40822 (GCVE-0-2021-40822)

    Vulnerability from nvd – Published: 2022-05-01 23:17 – Updated: 2024-08-04 02:51
    Summary
    GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:51:07.436Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/releases"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://osgeo-org.atlassian.net/browse/GEOS-10229"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-01T23:17:25.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/releases"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-10229"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-40822",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/geoserver/geoserver/releases",
                  "refsource": "MISC",
                  "url": "https://github.com/geoserver/geoserver/releases"
                },
                {
                  "name": "https://osgeo-org.atlassian.net/browse/GEOS-10229",
                  "refsource": "MISC",
                  "url": "https://osgeo-org.atlassian.net/browse/GEOS-10229"
                },
                {
                  "name": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3"
                },
                {
                  "name": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508",
                  "refsource": "MISC",
                  "url": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-40822",
        "datePublished": "2022-05-01T23:17:25.000Z",
        "dateReserved": "2021-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:51:07.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-58175 (GCVE-0-2025-58175)

    Vulnerability from cvelistv5 – Published: 2026-06-18 14:31 – Updated: 2026-06-18 15:26
    VLAI
    Title
    GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF). This vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RESOLUTION_ALLOWLIST` (default since 2.25.0). Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations are only affected by this vulnerability if they use a proxy base URL that does not contain a URL path or end with a slash. If the proxy base URL does not contain a path, adding a slash to the end of the URL will mitigate this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-611 - Improper Restriction of XML External Entity Reference
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    geoserver org.geoserver.web:gs-web-app Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    geoserver org.geoserver:gs-main Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T15:25:52.864367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T15:26:07.311Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "org.geoserver.web:gs-web-app",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            },
            {
              "product": "org.geoserver:gs-main",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF). This vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RESOLUTION_ALLOWLIST` (default since 2.25.0). Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations are only affected by this vulnerability if they use a proxy base URL that does not contain a URL path or end with a slash. If the proxy base URL does not contain a path, adding a slash to the end of the URL will mitigate this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T14:31:19.757Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-x4r9-gmw3-hxww",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-x4r9-gmw3-hxww"
            },
            {
              "name": "https://github.com/geoserver/geoserver/pull/8622",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/pull/8622"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11867",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11867"
            }
          ],
          "source": {
            "advisory": "GHSA-x4r9-gmw3-hxww",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-58175",
        "datePublished": "2026-06-18T14:31:19.757Z",
        "dateReserved": "2025-08-27T13:34:56.189Z",
        "dateUpdated": "2026-06-18T15:26:07.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52465 (GCVE-0-2025-52465)

    Vulnerability from cvelistv5 – Published: 2026-06-18 14:28 – Updated: 2026-06-24 03:56
    VLAI
    Title
    GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to the target file, the target file can not already exist and all parent directories must already exist. Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations where the web interface is either disabled or completely removed are not affected since the vulnerability exists in one of the web pages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    geoserver org.geoserver.web:gs-web-app Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    geoserver org.geoserver.web:gs-web-sec-core Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:00.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "org.geoserver.web:gs-web-app",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            },
            {
              "product": "org.geoserver.web:gs-web-sec-core",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer\u0027s security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to the target file, the target file can not already exist and all parent directories must already exist. Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations where the web interface is either disabled or completely removed are not affected since the vulnerability exists in one of the web pages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T14:28:41.270Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7qmg-grcp-qf25",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7qmg-grcp-qf25"
            },
            {
              "name": "https://github.com/geoserver/geoserver/pull/8584",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/pull/8584"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11852",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11852"
            },
            {
              "name": "https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild"
            }
          ],
          "source": {
            "advisory": "GHSA-7qmg-grcp-qf25",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-52465",
        "datePublished": "2026-06-18T14:28:41.270Z",
        "dateReserved": "2025-06-17T02:28:39.716Z",
        "dateUpdated": "2026-06-24T03:56:00.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27511 (GCVE-0-2025-27511)

    Vulnerability from cvelistv5 – Published: 2026-06-18 14:23 – Updated: 2026-06-24 03:56
    VLAI
    Title
    GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27511",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:02.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "org.geoserver.extension:gs-db2",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.27.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T14:23:01.788Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7"
            },
            {
              "name": "https://github.com/geoserver/geoserver/releases/tag/2.27.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/releases/tag/2.27.0"
            },
            {
              "name": "https://nvd.nist.gov/vuln/detail/cve-2023-27867",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27867"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOT-7725",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOT-7725"
            }
          ],
          "source": {
            "advisory": "GHSA-g628-r368-6vh7",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-27511",
        "datePublished": "2026-06-18T14:23:01.788Z",
        "dateReserved": "2025-02-26T18:11:52.306Z",
        "dateUpdated": "2026-06-24T03:56:02.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-30220 (GCVE-0-2025-30220)

    Vulnerability from cvelistv5 – Published: 2025-06-10 15:16 – Updated: 2025-06-10 17:13
    Title
    GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.27.0, < 2.27.1
    Affected: >= 2.26.0, < 2.26.3
    Affected: < 2.25.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T17:13:03.887707Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T17:13:09.180Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.26.0, \u003c 2.26.3"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.25.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T15:16:39.339Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc"
            },
            {
              "name": "https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc"
            },
            {
              "name": "https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw"
            },
            {
              "name": "https://github.com/geonetwork/core-geonetwork/pull/8757",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geonetwork/core-geonetwork/pull/8757"
            },
            {
              "name": "https://github.com/geonetwork/core-geonetwork/pull/8803",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geonetwork/core-geonetwork/pull/8803"
            },
            {
              "name": "https://github.com/geonetwork/core-geonetwork/pull/8812",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geonetwork/core-geonetwork/pull/8812"
            },
            {
              "name": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities"
            }
          ],
          "source": {
            "advisory": "GHSA-jj54-8f66-c5pc",
            "discovery": "UNKNOWN"
          },
          "title": "GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-30220",
        "datePublished": "2025-06-10T15:16:39.339Z",
        "dateReserved": "2025-03-18T18:15:13.851Z",
        "dateUpdated": "2025-06-10T17:13:09.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-30145 (GCVE-0-2025-30145)

    Vulnerability from cvelistv5 – Published: 2025-06-10 14:58 – Updated: 2025-06-10 15:16
    VLAI
    Title
    GeoServer has an Infinite Loop Vulnerability in Jiffle process
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.26.0, < 2.26.3
    Affected: < 2.25.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30145",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T15:16:16.672596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T15:16:31.100Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.26.0, \u003c 2.26.3"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.25.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and  the Jiffle process."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T14:58:48.408Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf"
            },
            {
              "name": "https://github.com/geosolutions-it/jai-ext/pull/307",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geosolutions-it/jai-ext/pull/307"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11778",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11778"
            }
          ],
          "source": {
            "advisory": "GHSA-gr67-pwcv-76gf",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer has an Infinite Loop Vulnerability in Jiffle process"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-30145",
        "datePublished": "2025-06-10T14:58:48.408Z",
        "dateReserved": "2025-03-17T12:41:42.564Z",
        "dateUpdated": "2025-06-10T15:16:31.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27505 (GCVE-0-2025-27505)

    Vulnerability from cvelistv5 – Published: 2025-06-10 14:52 – Updated: 2025-06-10 15:01
    Title
    GeoServer Missing Authorization on REST API Index
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disclose whether certain extensions are installed. This vulnerability is fixed in 2.26.3 and 2.25.6. As a workaround, in ${GEOSERVER_DATA_DIR}/security/config.xml, change the paths for the rest filter to /rest.*,/rest/** and change the paths for the gwc filter to /gwc/rest.*,/gwc/rest/** and restart GeoServer.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.26.0, < 2.26.3
    Affected: < 2.25.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27505",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T15:01:26.113408Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T15:01:45.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.26.0, \u003c 2.26.3"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.25.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disclose whether certain extensions are installed. This vulnerability is fixed in 2.26.3 and 2.25.6. As a workaround, in ${GEOSERVER_DATA_DIR}/security/config.xml, change the paths for the rest filter to /rest.*,/rest/** and change the paths for the gwc filter to /gwc/rest.*,/gwc/rest/** and restart GeoServer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T14:52:19.499Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5"
            },
            {
              "name": "https://github.com/geoserver/geoserver/pull/8170",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/pull/8170"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11664",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11664"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11776",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11776"
            }
          ],
          "source": {
            "advisory": "GHSA-h86g-x8mm-78m5",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer Missing Authorization on REST API Index"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-27505",
        "datePublished": "2025-06-10T14:52:19.499Z",
        "dateReserved": "2025-02-26T18:11:52.305Z",
        "dateUpdated": "2025-06-10T15:01:45.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-40625 (GCVE-0-2024-40625)

    Vulnerability from cvelistv5 – Published: 2025-06-10 14:49 – Updated: 2025-06-10 14:55
    VLAI
    Title
    GeoServer Coverage REST API Allows Server Side Request Forgery
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: < 2.26.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40625",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T14:54:52.333248Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T14:55:09.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals \u0027url\u0027) with no restrict. This vulnerability is fixed in 2.26.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T14:49:05.368Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11468",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11468"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11717",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11717"
            }
          ],
          "source": {
            "advisory": "GHSA-r4hf-r8gj-jgw2",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer Coverage REST API Allows Server Side Request Forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-40625",
        "datePublished": "2025-06-10T14:49:05.368Z",
        "dateReserved": "2024-07-08T16:13:15.510Z",
        "dateUpdated": "2025-06-10T14:55:09.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-38524 (GCVE-0-2024-38524)

    Vulnerability from cvelistv5 – Published: 2025-06-10 14:43 – Updated: 2025-06-10 14:56
    VLAI
    Title
    GWC Home Page communicate version and revision information
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.26.0, < 2.26.2
    Affected: < 2.25.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T14:56:50.768148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T14:56:58.139Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.26.0, \u003c 2.26.2"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.25.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T14:43:04.590Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f"
            },
            {
              "name": "https://github.com/GeoWebCache/geowebcache/issues/1344",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/GeoWebCache/geowebcache/issues/1344"
            },
            {
              "name": "https://github.com/GeoWebCache/geowebcache/pull/1345",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/GeoWebCache/geowebcache/pull/1345"
            },
            {
              "name": "https://github.com/geoserver/geoserver/pull/8189",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/pull/8189"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11677",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11677"
            }
          ],
          "source": {
            "advisory": "GHSA-jm79-7xhw-6f6f",
            "discovery": "UNKNOWN"
          },
          "title": "GWC Home Page communicate version and revision information"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-38524",
        "datePublished": "2025-06-10T14:43:04.590Z",
        "dateReserved": "2024-06-18T16:37:02.728Z",
        "dateUpdated": "2025-06-10T14:56:58.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-34711 (GCVE-0-2024-34711)

    Vulnerability from cvelistv5 – Published: 2025-06-10 14:33 – Updated: 2025-06-10 15:08
    VLAI
    Title
    GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default, GeoServer use PreventLocalEntityResolver class from GeoTools to filter out malicious URIs in XML entities before resolving them. The URI must match the regex (?i)(jar:file|http|vfs)[^?#;]*\\.xsd. But the regex leaves a chance for attackers to request to any HTTP server or limited file. Attacker can abuse this to scan internal networks and gain information about them then exploit further. GeoServer 2.25.0 and greater default to the use of ENTITY_RESOLUTION_ALLOWLIST and does not require you to provide a system property.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    • CWE-611 - Improper Restriction of XML External Entity Reference
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: < 2.25.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T15:08:02.959639Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T15:08:27.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.25.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default, GeoServer use PreventLocalEntityResolver class from GeoTools to filter out malicious URIs in XML entities before resolving them. The URI must match the regex (?i)(jar:file|http|vfs)[^?#;]*\\\\.xsd. But the regex leaves a chance for attackers to request to any HTTP server or limited file. Attacker can abuse this to scan internal networks and gain information about them then exploit further. GeoServer 2.25.0 and greater default to the use of ENTITY_RESOLUTION_ALLOWLIST and does not require you to provide a system property."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T14:33:18.872Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965"
            },
            {
              "name": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities"
            }
          ],
          "source": {
            "advisory": "GHSA-mc43-4fqr-c965",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-34711",
        "datePublished": "2025-06-10T14:33:18.872Z",
        "dateReserved": "2024-05-07T13:53:00.133Z",
        "dateUpdated": "2025-06-10T15:08:27.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-29198 (GCVE-0-2024-29198)

    Vulnerability from cvelistv5 – Published: 2025-06-10 14:27 – Updated: 2025-06-17 19:12
    VLAI
    Title
    GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost
    Summary
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.0.0, < 2.24.4
    Affected: >= 2.25.0, < 2.25.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29198",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T14:34:24.822105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T19:12:00.664Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0, \u003c 2.24.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.25.0, \u003c 2.25.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T14:27:39.485Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11390",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11390"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11794",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11794"
            }
          ],
          "source": {
            "advisory": "GHSA-5gw5-jccf-6hxw",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-29198",
        "datePublished": "2025-06-10T14:27:39.485Z",
        "dateReserved": "2024-03-18T17:07:00.095Z",
        "dateUpdated": "2025-06-17T19:12:00.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35230 (GCVE-0-2024-35230)

    Vulnerability from cvelistv5 – Published: 2024-12-16 22:18 – Updated: 2024-12-17 14:40
    VLAI
    Title
    Welcome and About GeoServer pages communicate version and revision information
    Summary
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.0.0, < 2.26.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35230",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-17T14:39:46.671847Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-17T14:40:36.212Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0, \u003c 2.26.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-16T22:18:19.896Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6"
            },
            {
              "name": "https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8"
            },
            {
              "name": "https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920"
            }
          ],
          "source": {
            "advisory": "GHSA-6pfc-w86r-54q6",
            "discovery": "UNKNOWN"
          },
          "title": "Welcome and About GeoServer pages communicate version and revision information"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-35230",
        "datePublished": "2024-12-16T22:18:19.896Z",
        "dateReserved": "2024-05-14T15:39:41.785Z",
        "dateUpdated": "2024-12-17T14:40:36.212Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43795 (GCVE-0-2023-43795)

    Vulnerability from cvelistv5 – Published: 2023-10-24 22:14 – Updated: 2024-09-17 14:15
    Title
    WPS Server Side Request Forgery in GeoServer
    Summary
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: < 2.22.5
    Affected: >= 2.23.0, < 2.23.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:52:11.081Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43795",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T13:52:43.998305Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:15:26.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.22.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.23.0, \u003c 2.23.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T22:14:30.956Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
            }
          ],
          "source": {
            "advisory": "GHSA-5pr3-m5hm-9956",
            "discovery": "UNKNOWN"
          },
          "title": "WPS Server Side Request Forgery in GeoServer"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-43795",
        "datePublished": "2023-10-24T22:14:30.956Z",
        "dateReserved": "2023-09-22T14:51:42.339Z",
        "dateUpdated": "2024-09-17T14:15:26.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41339 (GCVE-0-2023-41339)

    Vulnerability from cvelistv5 – Published: 2023-10-24 20:15 – Updated: 2024-09-11 18:00
    VLAI
    Title
    Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer
    Summary
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: < 2.22.5
    Affected: >= 2.23.0, < 2.23.2
    Create a notification for this product.
    geoserver geoserver Affected: 0 , < 2.22.5 (custom)
    Affected: 0 , < 2.23.2 (custom)
        cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:01:35.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf"
              },
              {
                "name": "https://github.com/geoserver/geoserver/releases/tag/2.22.5",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5"
              },
              {
                "name": "https://github.com/geoserver/geoserver/releases/tag/2.23.2",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "geoserver",
                "vendor": "geoserver",
                "versions": [
                  {
                    "lessThan": "2.22.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "2.23.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41339",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T17:56:27.424894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T18:00:37.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.22.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.23.0, \u003c 2.23.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=\u003curl\u003e`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied \"dynamic styling\".  Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T20:15:17.428Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf"
            },
            {
              "name": "https://github.com/geoserver/geoserver/releases/tag/2.22.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5"
            },
            {
              "name": "https://github.com/geoserver/geoserver/releases/tag/2.23.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2"
            }
          ],
          "source": {
            "advisory": "GHSA-cqpc-x2c6-2gmf",
            "discovery": "UNKNOWN"
          },
          "title": "Unsecured WMS dynamic styling sld=\u003curl\u003e parameter affords blind unauthenticated SSRF in GeoServer"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-41339",
        "datePublished": "2023-10-24T20:15:17.428Z",
        "dateReserved": "2023-08-28T16:56:43.368Z",
        "dateUpdated": "2024-09-11T18:00:37.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25157 (GCVE-0-2023-25157)

    Vulnerability from cvelistv5 – Published: 2023-02-21 21:00 – Updated: 2025-03-10 21:07
    VLAI
    Title
    Unfiltered SQL Injection Vulnerabilities in Geoserver
    Summary
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    geoserver geoserver Affected: >= 2.22.0, < 2.22.2
    Affected: < 2.21.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:18:35.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf"
              },
              {
                "name": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-10T20:59:02.658010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-10T21:07:17.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "geoserver",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.22.0, \u003c 2.22.2"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.21.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols.  CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-21T21:00:13.392Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf"
            },
            {
              "name": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d"
            }
          ],
          "source": {
            "advisory": "GHSA-7g5f-wrx8-5ccf",
            "discovery": "UNKNOWN"
          },
          "title": "Unfiltered SQL Injection Vulnerabilities in Geoserver"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-25157",
        "datePublished": "2023-02-21T21:00:13.392Z",
        "dateReserved": "2023-02-03T16:59:18.243Z",
        "dateUpdated": "2025-03-10T21:07:17.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40822 (GCVE-0-2021-40822)

    Vulnerability from cvelistv5 – Published: 2022-05-01 23:17 – Updated: 2024-08-04 02:51
    Summary
    GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:51:07.436Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/releases"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://osgeo-org.atlassian.net/browse/GEOS-10229"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-01T23:17:25.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/releases"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-10229"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-40822",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/geoserver/geoserver/releases",
                  "refsource": "MISC",
                  "url": "https://github.com/geoserver/geoserver/releases"
                },
                {
                  "name": "https://osgeo-org.atlassian.net/browse/GEOS-10229",
                  "refsource": "MISC",
                  "url": "https://osgeo-org.atlassian.net/browse/GEOS-10229"
                },
                {
                  "name": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3"
                },
                {
                  "name": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508",
                  "refsource": "MISC",
                  "url": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-40822",
        "datePublished": "2022-05-01T23:17:25.000Z",
        "dateReserved": "2021-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:51:07.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }