CVE-2023-43795

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*

History

01 Nov 2023, 16:19

Type Values Removed Values Added
CWE CWE-918
References (MISC) https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956 - (MISC) https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956 - Mitigation, Vendor Advisory
CPE cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*
First Time Osgeo
Osgeo geoserver
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

25 Oct 2023, 18:17

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-25 18:17

Updated : 2024-02-28 20:33


NVD link : CVE-2023-43795

Mitre link : CVE-2023-43795

CVE.ORG link : CVE-2023-43795


JSON object : View

Products Affected

osgeo

  • geoserver
CWE
CWE-918

Server-Side Request Forgery (SSRF)