CVE-2023-41339

moderate-risk

Published 2023-10-25

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2.

Do I need to act?

0.20% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.6/10 High

NETWORK / LOW complexity

Affected Products (1)

Geoserver

Affected Vendors

Osgeo

References (6)

Release Notes https://github.com/geoserver/geoserver/releases/tag/2.22.5

Release Notes https://github.com/geoserver/geoserver/releases/tag/2.23.2

Mitigation https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf

Release Notes https://github.com/geoserver/geoserver/releases/tag/2.22.5

Release Notes https://github.com/geoserver/geoserver/releases/tag/2.23.2

Mitigation https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf

/ 100

moderate-risk

Severity 29/34 · Critical

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal