Описание
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx
Summary
Missing checks allow for SSRF to specific targets using the TestWfsPost enpoint.
Mitigation
To manage the proxy base value as a system administrator, use the parameter PROXY_BASE_URL to provide a non-empty value that cannot be overridden by the user interface or incoming request.thomsmith.
Resolution
The TestWfsPost has been replaced in GeoServer 2.25.2 and GeoServer 2.24.4 with a JavaScript Demo Requests page to test OGC Web Services.
References
- CVE-2024-29198 Unauthenticated SSRF via TestWfsPost
Пакеты
Наименование
org.geoserver:gs-wfs
maven
Затронутые версииВерсия исправления
>= 1.0.0, < 2.24.4
2.24.4
Наименование
org.geoserver:gs-wfs
maven
Затронутые версииВерсия исправления
>= 2.25.0, < 2.25.2
2.25.2
7.5 High
CVSS3
Дефекты
CWE-918
7.5 High
CVSS3
Дефекты
CWE-918