Description
GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2018-2634 Vulnerability (CVE-2018-2634)
TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-55945)
WordPress Plugin Gigya-Social Infrastructure Cross-Site Scripting (1.1.8)
MySQL CVE-2014-6489 Vulnerability (CVE-2014-6489)
Oracle Database Server CVE-2014-6547 Vulnerability (CVE-2014-6547)