GeoServer 2.23.3 / 2.24.0 Arbitrary File Upload via REST Coverage Store API
CVE-2023-51444 Published on March 20, 2024

GeoServer arbitrary file upload vulnerability in REST Coverage Store API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Coverage stores that are configured using relative paths use a GeoServer Resource implementation that has validation to prevent path traversal but coverage stores that are configured using absolute paths use a different Resource implementation that does not prevent path traversal. This vulnerability can lead to executing arbitrary code. An administrator with limited privileges could also potentially exploit this to overwrite GeoServer security files and obtain full administrator privileges. Versions 2.23.4 and 2.24.1 contain a fix for this issue.
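The description above turns on one code path validating resolved paths and another not. The following added example (not GeoServer's code and not the actual fix) shows a containment check that behaves the same for relative and absolute store directories; the class name, method name and sample file names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class StoreUploadPathCheck {

    /**
     * Resolves a client-supplied file name under a store directory and rejects
     * any result outside it. The same check runs whether storeDir was
     * configured as a relative or an absolute path.
     */
    static Path resolveInside(Path storeDir, String requested) throws IOException {
        Path base = storeDir.toAbsolutePath().normalize();
        // resolve() returns `requested` unchanged when it is absolute, so an
        // absolute name is caught by the startsWith() check below as well.
        Path target = base.resolve(requested).normalize();
        if (!target.startsWith(base)) {
            throw new SecurityException("outside store directory: " + requested);
        }
        // Lexical checks miss symlinks: compare real paths of what exists.
        Path existing = target;
        while (!Files.exists(existing)) {
            existing = existing.getParent();
        }
        if (!existing.toRealPath().startsWith(base.toRealPath())) {
            throw new SecurityException("symlink leaves store directory: " + requested);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path store = Files.createTempDirectory("coverage-store"); // constructed store dir
        // Constructed sample names: two legitimate, two that must be rejected.
        String[] names = {"dem.tif", "tiles/../dem.tif", "../outside.txt", "/tmp/absolute.txt"};
        for (String name : names) {
            try {
                System.out.println("accept " + name + " -> " + resolveInside(store, name));
            } catch (SecurityException e) {
                System.out.println("reject " + e.getMessage());
            }
        }
    }
}
```

The check assumes the store directory already exists; `toRealPath()` throws `NoSuchFileException` otherwise.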


Vulnerability Analysis

CVE-2023-51444 is exploitable with network access and requires user privileges. It is considered to have a low attack complexity. A proof of concept (POC) exploit is publicly available for CVE-2023-51444. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Weakness Types

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

What is an Unrestricted File Upload Vulnerability?

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVE-2023-51444 has been classified as an Unrestricted File Upload vulnerability or weakness.


Products Associated with CVE-2023-51444


Affected Versions

geoserver: geoserver: geoserver:

Vulnerable Packages

The following package names and versions may be associated with CVE-2023-51444:

Package Manager   Vulnerable Package             Versions   Fixed In
maven             org.geoserver:gs-platform      < 2.23.4   2.23.4
maven             org.geoserver:gs-restconfig    < 2.23.4   2.23.4
maven             org.geoserver:gs-platform      = 2.24.0   2.24.1
maven             org.geoserver:gs-restconfig    = 2.24.0   2.24.1

Exploit Probability

EPSS: 4.72%
Percentile: 89.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.