Description

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2.

Remediation

References

https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf

https://github.com/geoserver/geoserver/releases/tag/2.22.5

https://github.com/geoserver/geoserver/releases/tag/2.23.2

Related Vulnerabilities

CVE-2023-37466 Vulnerability in maven package org.webjars.npm:vm2

CVE-2023-36471 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml

CVE-2023-26473 Vulnerability in maven package org.xwiki.platform:xwiki-platform-query-manager

CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk14

CVE-2019-10083 Vulnerability in maven package org.apache.nifi:nifi-web-api

Severity

Medium

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Mitigation Vendor Advisory Release Notes