Platform
java
Component
geoserver
Fixed in
2.0.1
2.25.1
CVE-2024-29198 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in GeoServer. This flaw allows attackers to make requests to internal or external resources on behalf of the server, bypassing security controls. The vulnerability impacts GeoServer versions 2.0.0 through 2.25.1, and a fix is available in versions 2.24.4 and 2.25.2.
Successful exploitation of CVE-2024-29198 could allow an attacker to access sensitive internal resources that GeoServer has access to. This could include accessing internal APIs, databases, or other services that are not directly exposed to the internet. The attacker could potentially read or modify data, or even execute arbitrary code on the server, depending on the permissions granted to the GeoServer process. The blast radius extends to any internal systems accessible through the Proxy Base URL, making proper configuration crucial. A misconfigured Proxy Base URL effectively opens a backdoor for attackers.
CVE-2024-29198 was publicly disclosed on 2025-06-10. There is no indication of active exploitation at this time, and it is not currently listed on CISA KEV. Public proof-of-concept exploits are not yet available, but the SSRF nature of the vulnerability makes it likely that one will be developed. The vulnerability's ease of exploitation depends heavily on the configuration of the Proxy Base URL.
Organizations utilizing GeoServer for geospatial data sharing and editing, particularly those with default or improperly configured Proxy Base URLs, are at risk. Shared hosting environments where multiple GeoServer instances share the same server and configuration are also particularly vulnerable, as a compromise of one instance could potentially impact others.
• java / server: ps aux | grep geoserver
• java / server: journalctl -u geoserver | grep "Proxy Base URL"
• generic web: curl -I http://<geoserver_ip>/demo
• generic web: grep -r "Proxy Base URL=" /opt/geoserver/conf/geoserver.xml
Exploit status
EPSS
6.44% (91st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-29198 is to upgrade GeoServer to version 2.24.4 or 2.25.2. If upgrading immediately is not possible, ensure the Proxy Base URL is explicitly configured and restricted to only allow access to trusted resources. This prevents the server from making requests to arbitrary external URLs. Consider implementing a Web Application Firewall (WAF) with rules to block requests to the /demo endpoint or requests originating from untrusted sources. Regularly review GeoServer’s configuration to ensure the Proxy Base URL is properly secured.
Update GeoServer to version 2.24.4 or 2.25.2 or later. These versions fix the SSRF vulnerability in the TestWfsPost servlet. As an alternative measure, configure the Proxy Base URL to mitigate the risk if you cannot update immediately.
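The two mitigation checks above (is the installed version inside the affected range, and is the Proxy Base URL explicitly set and pointed at a trusted host) can be scripted so they run as part of a configuration review. The following is an added example, not code from the advisory or from the GeoServer project. It assumes that the Proxy Base URL is stored in GeoServer's data-directory file global.xml as <global><settings><proxyBaseUrl>; the XML fragments and the trusted-host list are constructed for the example, and the version boundaries are the ones the advisory states (affected 2.0.0 through 2.25.1, fixed in 2.24.4 and 2.25.2).

```python
"""Added example: offline exposure check for CVE-2024-29198 on a GeoServer instance.

Two independent, defender-side checks:
  1. is the running version inside the affected range stated in the advisory?
  2. is the Proxy Base URL explicitly set, and does it point at a trusted host?

Assumption (not from the advisory): the Proxy Base URL lives in GeoServer's
data-directory file global.xml as <global><settings><proxyBaseUrl>.
The sample XML fragments below are constructed for this example.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Fix releases named in the advisory: 2.24.4 on the 2.24 branch, 2.25.2 on 2.25.
FIXED_PATCH_BY_BRANCH = {(2, 24): 4, (2, 25): 2}
FIRST_AFFECTED = (2, 0, 0)
LAST_AFFECTED = (2, 25, 1)


def parse_version(version: str) -> tuple:
    """'2.25.1' -> (2, 25, 1); missing components are treated as 0."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the version is inside the advisory's affected range and
    below the fix release on its own branch (2.24.x or 2.25.x)."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_PATCH_BY_BRANCH:
        return v[2] < FIXED_PATCH_BY_BRANCH[branch]
    return FIRST_AFFECTED <= v <= LAST_AFFECTED


def check_proxy_base_url(global_xml: str, trusted_hosts: set) -> dict:
    """Report whether proxyBaseUrl is set and whether its host is on the allowlist."""
    root = ET.fromstring(global_xml)
    node = root.find("./settings/proxyBaseUrl")  # assumed location, see docstring
    value = (node.text or "").strip() if node is not None else ""
    if not value:
        return {"status": "unset", "url": None, "trusted": False}
    host = urlparse(value).hostname or ""
    return {"status": "set", "url": value, "trusted": host in trusted_hosts}


# Constructed sample global.xml fragments (not real GeoServer output).
SAMPLE_UNSET = "<global><settings><id>SettingsInfoImpl-1</id></settings></global>"
SAMPLE_SET = ("<global><settings><id>SettingsInfoImpl-1</id>"
              "<proxyBaseUrl>https://maps.example.org/geoserver</proxyBaseUrl>"
              "</settings></global>")


def assess(version: str, global_xml: str, trusted_hosts: set) -> list:
    """Combine both checks into a list of findings; an empty list means no issue found."""
    findings = []
    if is_affected(version):
        findings.append(f"version {version} is inside the affected range; upgrade")
    proxy = check_proxy_base_url(global_xml, trusted_hosts)
    if proxy["status"] == "unset":
        findings.append("Proxy Base URL is not explicitly configured")
    elif not proxy["trusted"]:
        findings.append(f"Proxy Base URL {proxy['url']} points at an untrusted host")
    return findings


if __name__ == "__main__":
    trusted = {"maps.example.org"}  # constructed allowlist for the example
    for ver, xml in (("2.25.1", SAMPLE_UNSET), ("2.25.2", SAMPLE_SET)):
        print(ver, assess(ver, xml, trusted) or ["no findings"])
```

Run the version check against the output of your package manager or the version shown on the GeoServer welcome page, and point the XML check at the real global.xml in the data directory. The host allowlist is deliberately a strict set comparison rather than a substring match, so a value such as https://maps.example.org.attacker.example/ does not pass as trusted.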
CVE-2024-29198 is a Server-Side Request Forgery vulnerability in GeoServer versions 2.0.0 through 2.25.1. It allows attackers to make requests to internal resources on behalf of the server if the Proxy Base URL is not configured.
If you are running GeoServer versions 2.0.0 through 2.25.1 and have not explicitly configured the Proxy Base URL, you are potentially affected by this vulnerability.
Upgrade GeoServer to version 2.24.4 or 2.25.2. Alternatively, configure the Proxy Base URL to restrict access to trusted resources.
There is currently no indication of active exploitation of CVE-2024-29198.
Please refer to the official GeoServer security advisory for CVE-2024-29198 on the GeoServer website.