CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23818 – GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format
https://notcve.org/view.php?id=CVE-2024-23818
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue. GeoServer es un servidor de software de código abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. • https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2 https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f https://github.com/geoserver/geoserver/pull/7174 https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72 https://osgeo-org.atlassian.net/browse/GEOS-11153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23643 – GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form
https://notcve.org/view.php?id=CVE-2024-23643
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator’s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue. GeoServer es un servidor de software de código abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. • https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0 https://github.com/GeoWebCache/geowebcache/issues/1172 https://github.com/GeoWebCache/geowebcache/pull/1174 https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23642 – GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer
https://notcve.org/view.php?id=CVE-2024-23642
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue. GeoServer es un servidor de software de código abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. • https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00 https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe https://github.com/geoserver/geoserver/pull/7173 https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525 https://osgeo-org.atlassian.net/browse/GEOS-11152 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23640 – GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher
https://notcve.org/view.php?id=CVE-2024-23640
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue. • https://github.com/geoserver/geoserver/pull/7162 https://github.com/geoserver/geoserver/pull/7181 https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf https://osgeo-org.atlassian.net/browse/GEOS-11149 https://osgeo-org.atlassian.net/browse/GEOS-11155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23634 – GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API
https://notcve.org/view.php?id=CVE-2024-23634
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn't already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). • https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772 https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a https://github.com/geoserver/geoserver/pull/7289 https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx https://osgeo-org.atlassian.net/browse/GEOS-11213 • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •