Platform
java
Component
geoserver
Fixed in
2.24.4
2.25.2
CVE-2024-29198 is a Server-Side Request Forgery (SSRF) vulnerability in GeoServer's TestWfsPost servlet, the backend of the Demo Requests page. The servlet forwards a client-supplied URL on the server's behalf; when the Proxy Base URL global setting is not set, it has nothing to validate the target against and will fetch arbitrary internal or external resources, bypassing network controls that protect them. The vulnerability affects GeoServer 2.0.0 through 2.25.1 (excluding 2.24.4), and fixes are available in 2.24.4 and 2.25.2.
Successful exploitation lets an attacker reach anything the GeoServer host can reach: internal HTTP APIs, cloud metadata endpoints, administrative interfaces and other services that are not directly exposed to the internet, with the responses relayed back to the attacker. Depending on what those internal services allow to an unauthenticated caller, this can escalate from reading data to modifying it, or to attacks on services whose only protection was being unreachable from outside. SSRF does not by itself yield code execution on the GeoServer host; it is the pivot that makes such chains possible. The blast radius is the network reachable from the GeoServer process, which is why an explicitly configured Proxy Base URL matters: with it unset, the servlet is effectively an open proxy.
CVE-2024-29198 was publicly disclosed on 2025-06-10. There is no indication of active exploitation at this time, and it is not currently listed on the CISA KEV catalogue. Public proof-of-concept exploits are not yet available, but SSRF bugs of this shape are straightforward to weaponise once the endpoint and parameters are known, so one should be expected. Exploitability depends heavily on configuration: an instance without a Proxy Base URL is exposed, while one with the setting populated restricts the servlet to that base URL.
Organizations running GeoServer for geospatial data sharing and editing, particularly with the default (unset) or an improperly configured Proxy Base URL, are at risk. Shared hosting environments, where several GeoServer instances run on the same server or share a data directory, are also particularly exposed: an SSRF through one instance reaches every service that host can see, including the neighbouring instances.
• java / server:
ps aux | grep geoserver
• java / server:
journalctl -u geoserver | grep "Proxy Base URL"
• generic web:
curl -I http://<geoserver_ip>/geoserver/TestWfsPost
• generic web:
grep -r proxyBaseUrl <GEOSERVER_DATA_DIR>/global.xml
Exploit status
EPSS
6.44% (91st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-29198 is to upgrade GeoServer to 2.24.4 or 2.25.2 (or later). If upgrading immediately is not possible, explicitly set the Proxy Base URL in the global settings to the public URL of the instance; the TestWfsPost servlet then only forwards requests whose target starts with that base URL, rather than to arbitrary hosts. Treat this as a stopgap, not a fix. Consider adding a Web Application Firewall (WAF) rule that blocks requests to the TestWfsPost servlet behind the Demo Requests page, or restricts it to trusted source addresses, since few deployments need it reachable from the internet. Regularly review GeoServer's configuration to confirm the Proxy Base URL is still set, as a data directory restore or a fresh deployment can silently drop it.
Upgrade GeoServer to version 2.24.4 or 2.25.2 or later. These versions fix the SSRF vulnerability in the TestWfsPost servlet. As an alternative, configure the Proxy Base URL to mitigate the risk if you cannot upgrade immediately.
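The two facts the detection steps and the mitigation above hinge on are the running release and whether the Proxy Base URL global setting is populated. The following is an added example (not code from this page or from the GeoServer project) that turns both into a single verdict: it encodes the affected ranges stated above (everything before 2.24.4, plus 2.25.0 and 2.25.1) and inspects a data-directory `global.xml`. The assumption that the setting is stored as a `proxyBaseUrl` element in `global.xml` reflects a default GeoServer data directory; the two XML fragments are constructed samples, not captured from a real instance.

```python
"""Added example: assess exposure to CVE-2024-29198 from the GeoServer
release string and the data directory's global.xml (not project code)."""
import re
import sys
import xml.etree.ElementTree as ET


def parse_version(version: str) -> tuple:
    """Turn '2.25.1', '2.25.1-SNAPSHOT' or '2.25.x' into a numeric tuple.

    Only the numeric components before any '-' qualifier are used; missing
    components are padded with zeros so '2.25' compares as (2, 25, 0).
    """
    numbers = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((numbers + [0, 0, 0])[:3])


def version_is_affected(version: str) -> bool:
    """Affected ranges as stated in the advisory text:
    every release before 2.24.4, and the 2.25.0 / 2.25.1 releases.
    2.24.4 and 2.25.2 (and later releases on each branch) carry the fix."""
    v = parse_version(version)
    if v < (2, 24, 4):
        return True
    return (2, 25, 0) <= v < (2, 25, 2)


def proxy_base_url_configured(global_xml: str) -> bool:
    """True when global.xml carries a non-empty proxyBaseUrl element.

    Assumption: GeoServer persists the global settings in <data_dir>/global.xml
    and the Proxy Base URL as a 'proxyBaseUrl' element inside it. An absent
    element and an empty element are both treated as 'not configured', which
    is the state in which TestWfsPost accepts any target URL.
    """
    root = ET.fromstring(global_xml)
    element = root.find(".//proxyBaseUrl")
    return element is not None and bool((element.text or "").strip())


def assess(version: str, global_xml: str) -> str:
    """Combine both checks into one verdict string."""
    if not version_is_affected(version):
        return "not affected: fixed release"
    if proxy_base_url_configured(global_xml):
        return "affected release, Proxy Base URL set: upgrade still required"
    return "EXPOSED: affected release with no Proxy Base URL"


# Constructed sample: a default-looking global.xml with the setting absent.
SAMPLE_UNSET = """<global>
  <settings>
    <charset>UTF-8</charset>
    <numDecimals>8</numDecimals>
  </settings>
</global>"""

# Constructed sample: the same file after the mitigation has been applied.
# The hostname is a placeholder, not a real deployment.
SAMPLE_SET = """<global>
  <settings>
    <charset>UTF-8</charset>
    <numDecimals>8</numDecimals>
    <proxyBaseUrl>https://maps.example.org/geoserver</proxyBaseUrl>
  </settings>
</global>"""


if __name__ == "__main__":
    # Usage: python assess.py <version> [path/to/global.xml]
    # With no arguments the two constructed samples are evaluated.
    if len(sys.argv) >= 2:
        xml_text = open(sys.argv[2]).read() if len(sys.argv) >= 3 else "<global/>"
        print(assess(sys.argv[1], xml_text))
    else:
        for label, xml_text in (("unset", SAMPLE_UNSET), ("set", SAMPLE_SET)):
            print(f"2.25.1 / proxyBaseUrl {label}: {assess('2.25.1', xml_text)}")
        print(f"2.25.2 / proxyBaseUrl unset: {assess('2.25.2', SAMPLE_UNSET)}")
```

Note that a populated Proxy Base URL only downgrades the finding, it does not clear it: the verdict still says an upgrade is required, because the setting is a stopgap that a data directory restore can undo.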
CVE-2024-29198 is a Server-Side Request Forgery vulnerability in GeoServer versions 2.0.0 through 2.25.1 (excluding 2.24.4). Its TestWfsPost servlet lets an attacker make the server issue requests to internal or external resources when the Proxy Base URL is not configured.
If you are running GeoServer 2.0.0 through 2.25.1 (other than 2.24.4) and have not explicitly configured the Proxy Base URL, you are affected. Instances with the setting populated are still on a vulnerable release and should be upgraded.
Upgrade GeoServer to version 2.24.4 or 2.25.2 (or later). Until then, configure the Proxy Base URL so the servlet only forwards requests to that base URL.
There is currently no indication of active exploitation of CVE-2024-29198.
Please refer to the official GeoServer security advisory for CVE-2024-29198 on the GeoServer website.