Description

GeoServer WMS allows an unauthenticated attacker to send arbitrary requests to perform lookups on the internal network which is otherwise not accessible externally. An attacker may use this feature to perform SSRF (server-side request forgery) attacks on the server.

Remediation

Upgrade to the latest version of GeoServer

References

WPS Server Side Request Forgery

Unauthenticated Server Side Request Forgery & CRLF injection in Geoserver WMS

Related Vulnerabilities

MediaWiki CVE-2023-29140 Vulnerability (CVE-2023-29140)

PHP Out-of-bounds Read Vulnerability (CVE-2019-9021)

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2020-36287)

Oracle HTTP Server Other Vulnerability (CVE-1999-1125)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1100)

Severity

High

Classification

CVE-2023-43795 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:N

Tags

Acumonitor SSRF Known Vulnerabilities