CVE-2024-29198: GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost
It is possible to achieve Server-Side Request Forgery (SSRF) via the Demo request endpoint (TestWfsPost) if the Proxy Base URL has not been set.
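As an added illustration of the mitigation the advisory points at (restricting where the demo endpoint may forward a request to), the following Python is not GeoServer code: it models an allow-check that only accepts a forwarding target on the configured Proxy Base URL and fails closed when that setting is empty. The parameter name `url` for the demo request's target is an assumption about the demo form, not something stated on this page.

```python
from typing import Optional
from urllib.parse import urlsplit

# Effective port when the URL does not name one explicitly.
DEFAULT_PORT = {"http": 80, "https": 443}


def _origin(parts):
    """(scheme, lowercase host, effective port) for a split URL."""
    return (parts.scheme, (parts.hostname or "").lower(),
            parts.port or DEFAULT_PORT.get(parts.scheme))


def target_allowed(target_url: str, proxy_base_url: Optional[str]) -> bool:
    """Decide whether a demo request may be forwarded to target_url.

    Fail closed: with no Proxy Base URL configured there is nothing to compare
    against, which is exactly the unset case the advisory describes, so the
    request is rejected instead of being forwarded anywhere the caller names.
    """
    if not proxy_base_url:
        return False
    target, base = urlsplit(target_url), urlsplit(proxy_base_url)
    # Only plain web schemes, and the same scheme/host/port as the base URL.
    # Comparing parsed hostnames (not raw netloc strings) also defeats
    # "user@host" style user-info tricks in the target URL.
    if target.scheme not in DEFAULT_PORT or _origin(target) != _origin(base):
        return False
    # Stay under the base path: "/geoserver" allows "/geoserver/wfs"
    # but not "/geoserverX/..." or an unrelated path on the same host.
    base_path = base.path.rstrip("/")
    return target.path == base_path or target.path.startswith(base_path + "/")


def check_demo_request(params: dict, proxy_base_url: Optional[str]) -> bool:
    """Apply the allow-check to a demo request's form parameters.

    `params` is a constructed dict standing in for the submitted form; the
    `url` key is assumed to carry the forwarding target.
    """
    target = params.get("url", "")
    return bool(target) and target_allowed(target, proxy_base_url)


if __name__ == "__main__":
    base = "http://gis.example.org:8080/geoserver"  # constructed sample setting
    print(check_demo_request({"url": base + "/wfs", "body": "<GetCapabilities/>"}, base))
    print(check_demo_request({"url": "http://internal-host.example/", "body": ""}, base))
```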
References
- github.com/advisories/GHSA-5gw5-jccf-6hxw
- github.com/geoserver/geoserver
- github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw
- nvd.nist.gov/vuln/detail/CVE-2021-40822
- nvd.nist.gov/vuln/detail/CVE-2024-29198
- osgeo-org.atlassian.net/browse/GEOS-11390
- osgeo-org.atlassian.net/browse/GEOS-11794