CVE-2023-43795 Vulnerability Details


CVE-2023-43795 Metadata Quick Info

CVE Published: 24/10/2023 | CVE Updated: 17/09/2024 | CVE Year: 2023
Source: GitHub_M | Vendor: geoserver | Product: geoserver
Status: PUBLISHED

CVE-2023-43795 Description

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server-Side Request Forgery. This vulnerability has been patched in versions 2.22.5 and 2.23.2.

Metrics

CVSS Version: 3.1 | Base Score: 8.6 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): NONE
    User Interaction (UI): NONE
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): LOW
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-918
CWE Name: CWE-918: Server-Side Request Forgery (SSRF)
Source: geoserver

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).