CVE-2023-43795 - Vulnerability Details - OpenCVE

Description

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.

Published: 2023-10-24

Score: 8.6 High

EPSS: 89.5% High

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

geoserver

geoserver

affected

Version	Status	Constraints
`< 2.22.5`	affected	—
`>= 2.23.0, < 2.23.2`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:osgeo:geoserver::::::::
	cpe:2.3:a:osgeo:geoserver::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-5pr3-m5hm-9956	WPS Server Side Request Forgery vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.89488.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956

History

Wed, 18 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Osgeo Geoserver

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-24T22:14:30.956Z

Updated: 2024-09-17T14:15:26.074Z

Reserved: 2023-09-22T14:51:42.339Z

Link: CVE-2023-43795

Vulnrichment

Updated: 2024-08-02T19:52:11.081Z

NVD

Status : Modified

Published: 2023-10-25T18:17:32.180

Modified: 2024-11-21T08:24:48.003

Link: CVE-2023-43795

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-918

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43795", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-22T14:51:42.339Z", "datePublished": "2023-10-24T22:14:30.956Z", "dateUpdated": "2024-09-17T14:15:26.074Z"}, "containers": {"cna": {"title": "WPS Server Side Request Forgery in GeoServer", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"}], "affected": [{"vendor": "geoserver", "product": "geoserver", "versions": [{"version": "< 2.22.5", "status": "affected"}, {"version": ">= 2.23.0, < 2.23.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-24T22:14:30.956Z"}, "descriptions": [{"lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."}], "source": {"advisory": "GHSA-5pr3-m5hm-9956", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.081Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T13:52:43.998305Z", "id": "CVE-2023-43795", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T14:15:26.074Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956", "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.081Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43795", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-11T13:52:43.998305Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T14:15:22.459Z"}}], "cna": {"title": "WPS Server Side Request Forgery in GeoServer", "source": {"advisory": "GHSA-5pr3-m5hm-9956", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "geoserver", "product": "geoserver", "versions": [{"status": "affected", "version": "< 2.22.5"}, {"status": "affected", "version": ">= 2.23.0, < 2.23.2"}]}], "references": [{"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956", "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-24T22:14:30.956Z"}}}, "cveMetadata": {"cveId": "CVE-2023-43795", "state": "PUBLISHED", "dateUpdated": "2024-09-17T14:15:26.074Z", "dateReserved": "2023-09-22T14:51:42.339Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-10-24T22:14:30.956Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BB82E9C-10E3-41B9-AA40-80D45DC3989F", "versionEndExcluding": "2.22.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "765C2F28-6A4F-42C4-AA52-D984D0F2F0A6", "versionEndExcluding": "2.23.2", "versionStartIncluding": "2.23.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."}, {"lang": "es", "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. La especificaci\u00f3n del Servicio de procesamiento web (WPS) de OGC est\u00e1 dise\u00f1ada para procesar informaci\u00f3n de cualquier servidor mediante solicitudes GET y POST. Esto presenta la oportunidad de falsificar solicitudes del lado del servidor. Esta vulnerabilidad ha sido parcheada en las versiones 2.22.5 y 2.23.2."}], "id": "CVE-2023-43795", "lastModified": "2024-11-21T08:24:48.003", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-25T18:17:32.180", "references": [{"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}