CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23634 – GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API
https://notcve.org/view.php?id=CVE-2024-23634
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn't already have one before ... • https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772 • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51445 – GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API
https://notcve.org/view.php?id=CVE-2023-51445
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST Resources API. Access to the REST Resources API is limited to full adm... • https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 17%CPEs: 2EXPL: 0CVE-2023-51444 – GeoServer arbitrary file upload vulnerability in REST Coverage Store API
https://notcve.org/view.php?id=CVE-2023-51444
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Coverage stores that are configured using relative paths use a GeoServer Resource implem... • https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 2%CPEs: 1EXPL: 0CVE-2023-41877 – GeoServer log file path traversal vulnerability
https://notcve.org/view.php?id=CVE-2023-41877
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has... • https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5786 – GeoServer GeoWebCache rest.html direct request
https://notcve.org/view.php?id=CVE-2023-5786
26 Oct 2023 — A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. • https://github.com/Qxyday/GeoServe---unauthorized • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 10.0EPSS: 22%CPEs: 1EXPL: 0CVE-2023-35042
https://notcve.org/view.php?id=CVE-2023-35042
12 Jun 2023 — GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version. • https://docs.geoserver.org/stable/en/user/services/wps/operations.html#execute •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24846 – Unchecked JNDI lookups in GeoWebCache
https://notcve.org/view.php?id=CVE-2022-24846
14 Apr 2022 — GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local configuration file, in GeoServer a user interface is provided to perform the same, that can be accessed remotely, and requires admin-level login to be used. These lookup are unrestricted in scope and can lead to code ex... • https://github.com/GeoWebCache/geowebcache/security/advisories/GHSA-4v22-v8jp-438r • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0CVE-2008-7227
https://notcve.org/view.php?id=CVE-2008-7227
14 Sep 2009 — PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors. PartialBufferOutputStream2 de GeoServer anterior a v1.6.1 y v1.7.0-beta1, intenta renovar los contenidos del búfer incluso cuando está trabajando un "búfer en memoria", esto evita que se muestren las excepciones en este servicio, lo que tiene un impacto y vectores de ... • http://jira.codehaus.org/browse/GEOS-1747 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •