Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-8g7v-vjrc-x4g5

Опубликовано: 20 мар. 2024
Источник: github
Github: Прошло ревью
CVSS3: 7.2

Описание

GeoServer log file path traversal vulnerability

Impact

This vulnerability requires GeoServer Administrator with access to the admin console to misconfigured the Global Settings for log file location to an arbitrary location.

This can be used to read files via the admin console GeoServer Logs page. It is also possible to leverage RCE or cause denial of service by overwriting key GeoServer files.

Patches

As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not yet attracted a volunteer or resources.

Interested parties are welcome to contact geoserver-security@lists.osgeo.org for recommendations on developing a fix.

Workarounds

A system administrator responsible for running GeoServer can define the GEOSERVER_LOG_FILE parameter, preventing the global setting provided from being used.

The GEOSERVER_LOG_LOCATION parameter can be set as system property, environment variable, or servlet context parameter.

Environmental variable:

export GEOSERVER_LOG_LOCATION=/var/opt/geoserver/logs

System property:

-DGEOSERVER_LOG_LOCATION=/var/opt/geoserver/logs

Web application WEB-INF/web.xml:

<context-param> <param-name> GEOSERVER_LOG_LOCATION </param-name> <param-value>/var/opt/geoserver/logs</param-value> </context-param>

Tomcat conf/Catalina/localhost/geoserver.xml:

<Context> <Parameter name="GEOSERVER_LOG_LOCATION" value="/var/opt/geoserver/logs" override="false"/> </Context>

References

Ссылки

Пакеты

Наименование

org.geoserver:gs-main

maven
Затронутые версииВерсия исправления

<= 2.23.4

Отсутствует

EPSS

Процентиль: 79%
0.01221
Низкий

7.2 High

CVSS3

CVE ID

CVE-2023-41877

Дефекты

CWE-22

Связанные уязвимости

nvd логотип

CVE-2023-41877

CVSS3: 7.2
nvd
почти 2 года назад

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters.

EPSS

Процентиль: 79%
0.01221
Низкий

7.2 High

CVSS3

CVE ID

CVE-2023-41877

Дефекты

CWE-22