Vulnerability Details : CVE-2023-41339
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for the GetMap, GetLegendGraphic and GetFeatureInfo operations for user-supplied "dynamic styling". Enabling the use of dynamic styles without also configuring URL checks provides the opportunity for Server-Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes, which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2.
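As an added example that is not part of this advisory record or of GeoServer's own code, the following Python models the missing control named above: an allowlist check on the host of the sld= URL, applied to constructed access-log lines so a defender can spot GetMap, GetLegendGraphic or GetFeatureInfo requests that would fetch a style from an unexpected host. The allowlisted host, the log entries and the verdict format are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed allowlist of hosts from which an external SLD may be fetched.
# GeoServer's own URL-check feature lives in its configuration; this snippet
# only models the same allowlist idea (assumption) for log review.
ALLOWED_SLD_HOSTS = {"styles.example.org"}
DYNAMIC_STYLE_OPS = {"getmap", "getlegendgraphic", "getfeatureinfo"}
REQ_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/')

def check_sld_request(request_url):
    """Return None when the request carries no external sld= URL, otherwise a
    (verdict, detail) pair: ("allowed", host) or ("blocked", reason)."""
    query = urlsplit(request_url).query
    params = {k.lower(): v[0] for k, v in parse_qs(query).items()}
    if params.get("service", "").lower() != "wms":
        return None
    if params.get("request", "").lower() not in DYNAMIC_STYLE_OPS:
        return None
    sld = params.get("sld")
    if not sld:
        return None
    target = urlsplit(sld)
    if target.scheme.lower() not in {"http", "https"}:
        return ("blocked", f"scheme {target.scheme!r} not permitted")
    host = (target.hostname or "").lower()
    if host not in ALLOWED_SLD_HOSTS:
        return ("blocked", f"host {host!r} not in allowlist")
    return ("allowed", host)

def scan_access_log(text):
    """Return (client_ip, verdict, detail) for every WMS request in a
    combined-format access log that references an external SLD document."""
    findings = []
    for line in text.splitlines():
        m = REQ_LINE.match(line)
        if m:
            result = check_sld_request(m.group(2))
            if result:
                findings.append((m.group(1),) + result)
    return findings

# Constructed access-log lines (not captured from a real server).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Oct/2023:10:00:01 +0000] "GET /geoserver/wms?service=WMS&request=GetMap&layers=topp:states&styles=&bbox=-180,-90,180,90&width=256&height=256&srs=EPSG:4326&format=image/png HTTP/1.1" 200 5120
10.0.0.5 - - [01/Oct/2023:10:00:02 +0000] "GET /geoserver/wms?service=WMS&request=GetMap&layers=topp:states&sld=https://styles.example.org/states.sld&bbox=-180,-90,180,90&width=256&height=256&srs=EPSG:4326&format=image/png HTTP/1.1" 200 6010
203.0.113.7 - - [01/Oct/2023:10:00:03 +0000] "GET /geoserver/wms?service=WMS&request=GetLegendGraphic&layer=topp:states&sld=http://198.51.100.9/x.sld&format=image/png HTTP/1.1" 200 1200
203.0.113.7 - - [01/Oct/2023:10:00:04 +0000] "GET /geoserver/wms?service=WMS&request=GetFeatureInfo&layers=topp:states&query_layers=topp:states&sld=ftp://198.51.100.9/x.sld&x=1&y=1 HTTP/1.1" 200 300
"""
```

Calling `scan_access_log(SAMPLE_LOG)` returns one "allowed" finding for the allowlisted host and two "blocked" findings, one for an unlisted host and one for a non-HTTP scheme.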
Vulnerability category: Server-side request forgery (SSRF)
Products affected by CVE-2023-41339
- cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-41339
- EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
- Percentile: ~38% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2023-41339
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
| 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 3.9 | 4.7 | GitHub, Inc. | |
CWE ids for CVE-2023-41339
- The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
References for CVE-2023-41339
- https://github.com/geoserver/geoserver/releases/tag/2.23.2 (Release 2.23.2 · geoserver/geoserver · GitHub; Release Notes)
- https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf (Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF · Advisory · geoserver/geoserver · GitHub; Mitigation, Vendor Advisory)
- https://github.com/geoserver/geoserver/releases/tag/2.22.5 (Release 2.22.5 · geoserver/geoserver · GitHub; Release Notes)