Platform: java
Component: geoserver
Fixed in: 2.24.4, 2.25.2
CVE-2024-29198 is a Server-Side Request Forgery (SSRF) vulnerability in GeoServer's demo request endpoint (the TestWfsPost servlet). The servlet forwards a request to a caller-supplied URL; when no Proxy Base URL is configured, it has no trustworthy notion of its own address to validate that URL against, so an attacker can make the server issue requests to internal or external hosts on its behalf, bypassing network-level controls. The vulnerability affects GeoServer 2.0.0 through 2.25.1; fixes are available in 2.24.4 and 2.25.2.
Successful exploitation lets an attacker reach resources that the GeoServer host can reach but the attacker cannot: internal HTTP APIs, cloud metadata services, databases with HTTP front-ends, or other services not exposed to the internet. What the attacker can then read or change depends on those downstream services and on how they authenticate the GeoServer host, not on GeoServer itself; in the worst case a reachable internal service may accept unauthenticated state-changing requests. The blast radius is therefore every internal system the GeoServer process has network access to, which is why configuring the Proxy Base URL (or upgrading) matters: an instance without one effectively acts as an open proxy into the network.
CVE-2024-29198 was publicly disclosed on 2025-06-10. There is no indication of active exploitation at this time, and it is not listed in the CISA KEV catalogue. No public proof-of-concept is known, but the exploitation effort for an SSRF of this kind is low: a single HTTP request to the demo endpoint with a chosen target URL, which makes a public exploit likely. Whether a given instance is exploitable depends primarily on whether the Proxy Base URL has been set.
Organizations running GeoServer for geospatial data sharing and editing are at risk, particularly those that left the Proxy Base URL at its default (unset) value. Shared hosting environments in which several GeoServer instances run on the same host with the same configuration are especially exposed, since a compromise through one instance gives the attacker the same network vantage point as the others.
• java / server: `ps aux | grep geoserver`
• java / server: `journalctl -u geoserver | grep "Proxy Base URL"`
• generic web: `curl -I http://<geoserver_ip>/demo`
• generic web: `grep -r "Proxy Base URL=" /opt/geoserver/conf/geoserver.xml`
Disclosure
Exploit status
EPSS
6.44% (91st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-29198 is to upgrade GeoServer to 2.24.4 or 2.25.2 (or later). If an immediate upgrade is not possible, set the Proxy Base URL (Global Settings) explicitly to the server's own public address; with it configured, the demo servlet only forwards requests whose target lies under that base, which removes the arbitrary-host behaviour. Note that the Proxy Base URL is a single base address, not an allow-list: it tells GeoServer where it lives, and the servlet refuses targets elsewhere. As defence in depth, block access to the demo request endpoint at a reverse proxy or WAF, or restrict it to trusted source addresses, and restrict outbound connections from the GeoServer host to the services it genuinely needs. Review the GeoServer configuration regularly to confirm the Proxy Base URL is still set, since a configuration reset or a freshly provisioned instance silently reverts to the vulnerable state.
Update GeoServer to version 2.24.4 or 2.25.2 or later. These versions fix the SSRF vulnerability in the TestWfsPost servlet. As an alternative measure, if an immediate update is not possible, configure the Proxy Base URL to reduce the risk.
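The detection commands above only show that a GeoServer process exists; they do not answer the two questions that decide exposure, namely which version is running and whether the Proxy Base URL is set. The following script is an added example (not GeoServer project code) that answers both from GeoServer's REST API. It assumes the stock endpoints `/geoserver/rest/about/version.json` and `/geoserver/rest/settings.json` with the JSON shapes shown, and the affected/fixed version ranges named in this advisory; the sample responses embedded in the script are constructed, not captured from a live host.

```python
"""Assess a GeoServer instance for CVE-2024-29198 (TestWfsPost SSRF).

Added example, not GeoServer project code. It assumes the two REST
endpoints named in the comments below exist with the JSON shapes shown
(they do on stock GeoServer, but the sample documents here are
constructed, not captured).
"""
import json
import re
from typing import Optional

# Fixed versions named in the advisory: 2.24.4 for the 2.24 line,
# 2.25.2 for the 2.25 line. Anything older on either line is affected.
FIXED = {24: (2, 24, 4), 25: (2, 25, 2)}


def parse_version(v: str) -> tuple:
    """'2.25.1' -> (2, 25, 1); '2.25-SNAPSHOT' -> (2, 25, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised GeoServer version: {v!r}")
    major, minor, patch = (int(x) if x else 0 for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the version predates the fix on its release line."""
    v = parse_version(version)
    if v[:2] < (2, 24):
        return True            # 2.0.0 .. 2.23.x: no fixed release on those lines
    if v[:2] == (2, 24):
        return v < FIXED[24]   # fixed in 2.24.4
    if v[:2] == (2, 25):
        return v < FIXED[25]   # fixed in 2.25.2
    return False               # 2.26+ ship with the fix


def geoserver_version(about_json: str) -> str:
    """Pull the GeoServer version out of /geoserver/rest/about/version.json."""
    doc = json.loads(about_json)
    for res in doc["about"]["resource"]:
        if res.get("@name") == "GeoServer":
            return res["Version"]
    raise KeyError("GeoServer resource not present in about/version.json")


def proxy_base_url(settings_json: str) -> Optional[str]:
    """Return the Proxy Base URL from /geoserver/rest/settings.json, or None if unset."""
    doc = json.loads(settings_json)
    url = doc["global"]["settings"].get("proxyBaseUrl")
    return url or None         # empty string and missing key both mean "unset"


def assess(about_json: str, settings_json: str) -> dict:
    """Combine both signals into one verdict for the instance."""
    ver = geoserver_version(about_json)
    pbu = proxy_base_url(settings_json)
    vulnerable = is_affected(ver)
    return {
        "version": ver,
        "affected_version": vulnerable,
        "proxy_base_url": pbu,
        # Advisory workaround: on an affected version, a configured Proxy
        # Base URL confines the demo servlet to its own base address.
        "exposed": vulnerable and pbu is None,
    }


# Constructed sample responses (shape only; not captured from a live host).
ABOUT_SAMPLE = json.dumps({"about": {"resource": [
    {"@name": "GeoServer", "Build-Timestamp": "01-May-2024 00:00", "Version": "2.25.1"}]}})
SETTINGS_UNSET = json.dumps({"global": {"settings": {"proxyBaseUrl": ""}}})
SETTINGS_SET = json.dumps({"global": {"settings": {
    "proxyBaseUrl": "https://gis.example.org/geoserver"}}})

if __name__ == "__main__":
    # Against a live host, fetch the two documents with an admin account, e.g.
    #   curl -u admin:<pw> http://<geoserver_ip>/geoserver/rest/about/version.json
    #   curl -u admin:<pw> http://<geoserver_ip>/geoserver/rest/settings.json
    # and pass the bodies in place of the samples.
    print(assess(ABOUT_SAMPLE, SETTINGS_UNSET))   # exposed: True
    print(assess(ABOUT_SAMPLE, SETTINGS_SET))     # exposed: False
```

The `exposed` field is the one to act on: an affected version with no Proxy Base URL is the state the advisory describes as exploitable. An affected version with the Proxy Base URL set is mitigated but should still be scheduled for upgrade, since the setting can be cleared again through the admin UI or a configuration restore.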
CVE-2024-29198 is a Server-Side Request Forgery vulnerability in GeoServer versions 2.0.0 through 2.25.1. Through the demo request endpoint (TestWfsPost servlet) it allows attackers to make requests to internal resources on behalf of the server when the Proxy Base URL is not configured.
If you are running GeoServer 2.0.0 through 2.25.1 and have not explicitly configured the Proxy Base URL, you are affected.
Upgrade GeoServer to version 2.24.4 or 2.25.2. If you cannot upgrade immediately, configure the Proxy Base URL, which confines the demo servlet to the server's own address.
There is currently no indication of active exploitation of CVE-2024-29198.
Please refer to the official GeoServer security advisory for CVE-2024-29198 on the GeoServer website.