CVE-2023-25157 – Unfiltered SQL Injection Vulnerabilities in Geoserver
https://notcve.org/view.php?id=CVE-2023-25157
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse. • https://github.com/dr-cable-tv/Geoserver-CVE-2023-25157 https://github.com/win3zz/CVE-2023-25157 https://github.com/murataydemir/CVE-2023-25157-and-CVE-2023-25158 https://github.com/0x2458bughunt/CVE-2023-25157 https://github.com/7imbitz/CVE-2023-25157-checker https://github.com/Rubikcuv5/CVE-2023-25157 https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-40822
https://notcve.org/view.php?id=CVE-2021-40822
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. GeoServer versiones hasta 2.18.5 y versiones 2.19.x hasta 2.19.2, permite un ataque de tipo SSRF por medio de la opción de establecer un host proxy • https://github.com/phor3nsic/CVE-2021-40822 https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3 https://github.com/geoserver/geoserver/releases https://osgeo-org.atlassian.net/browse/GEOS-10229 https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-24847 – Improper Input Validation in GeoServer
https://notcve.org/view.php?id=CVE-2022-24847
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. • https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh • CWE-20: Improper Input Validation CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVE-2008-7227
https://notcve.org/view.php?id=CVE-2008-7227
PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors. PartialBufferOutputStream2 de GeoServer anterior a v1.6.1 y v1.7.0-beta1, intenta renovar los contenidos del búfer incluso cuando está trabajando un "búfer en memoria", esto evita que se muestren las excepciones en este servicio, lo que tiene un impacto y vectores de ataque desconocidos. • http://jira.codehaus.org/browse/GEOS-1747 http://osvdb.org/43266 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •