Description
Coverage REST API Server Side Request Forgery
Summary
The Coverage REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows a file to be uploaded from a specified URL (when {method} equals 'url') with no restriction on that URL.
Details
The Coverage REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows a file to be uploaded from a specified URL (when {method} equals 'url'), but this URL is not validated with the URL Checks feature.
For example, the code below should be added to check fileURL:
The vulnerable code was in RESTUtils.java.
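As an added illustration of what such a check on fileURL needs to do (this is standalone example code, not GeoServer's URL Checks implementation or the advisory's fix), the function below validates a user-supplied URL before a server-side fetch: it allows only http/https, rejects embedded credentials and non-public IP literals, and requires the whole URL to match a constructed allow list of regular expressions. The patterns and hostnames are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed allow list over the whole URL, in the spirit of an
# administrator-maintained URL Checks list; entries are hypothetical.
ALLOWED_URL_PATTERNS = [
    r"^https://data\.example\.org/coverages/[^?#]+\.tiff?$",
    r"^https://mirror\.example\.net/.*\.zip$",
]

ALLOWED_SCHEMES = {"http", "https"}


def reject_reason(url, patterns=ALLOWED_URL_PATTERNS):
    """Return None if the server may fetch this URL, else a short reason."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return "scheme not allowed"      # blocks file://, ftp://, jar: ...
    host = parts.hostname
    if not host:
        return "missing host"
    if parts.username or parts.password:
        return "credentials in URL"      # avoids user@host parsing confusion
    try:
        addr = ipaddress.ip_address(host)  # brackets already stripped for IPv6
    except ValueError:
        addr = None                      # a DNS name rather than an IP literal
    if addr is not None and (
        addr.is_private or addr.is_loopback or addr.is_link_local
        or addr.is_reserved or addr.is_multicast
    ):
        return "non-public address"      # loopback, RFC 1918, link-local ...
    # Match the complete URL, so scheme, host and path are all constrained
    # and the allow list cannot be satisfied by a host name alone.
    if not any(re.match(p, url) for p in patterns):
        return "URL not on allow list"
    return None


def is_allowed_file_url(url, patterns=ALLOWED_URL_PATTERNS):
    """Convenience wrapper: True only when no rejection reason applies."""
    return reject_reason(url, patterns) is None
```

The IP-literal test only catches addresses written directly in the URL; a DNS name on the allow list can still resolve to an internal address, so the pattern list is the primary control and the resolved address should additionally be checked at fetch time.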
Impact
This vulnerability allows Server Side Request Forgery: the server fetches an attacker-chosen URL on the caller's behalf.
References
Packages
org.geoserver:gs-rest: affected versions < 2.26.0, patched in 2.26.0
org.geoserver.web:gs-web-app: affected versions < 2.26.0, patched in 2.26.0
Related vulnerabilities
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files from a specified URL (when {method} equals 'url') with no restriction. This vulnerability is fixed in 2.26.0.
A vulnerability in the Coverage component of OSGeo GeoServer, software for administering and publishing geodata on a server, that allows an attacker to upload arbitrary files.