{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29198", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-18T17:07:00.095Z", "datePublished": "2025-06-10T14:27:39.485Z", "dateUpdated": "2025-06-17T19:12:00.664Z"}, "containers": {"cna": {"title": "GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw"}, {"name": "https://osgeo-org.atlassian.net/browse/GEOS-11390", "tags": ["x_refsource_MISC"], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11390"}, {"name": "https://osgeo-org.atlassian.net/browse/GEOS-11794", "tags": ["x_refsource_MISC"], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11794"}], "affected": [{"vendor": "geoserver", "product": "geoserver", "versions": [{"version": ">= 2.0.0, < 2.24.4", "status": "affected"}, {"version": ">= 2.25.0, < 2.25.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-10T14:27:39.485Z"}, "descriptions": [{"lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue."}], "source": {"advisory": "GHSA-5gw5-jccf-6hxw", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-10T14:34:24.822105Z", "id": "CVE-2024-29198", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T19:12:00.664Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29198", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-10T14:34:24.822105Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-10T14:34:59.250Z"}}], "cna": {"title": "GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost", "source": {"advisory": "GHSA-5gw5-jccf-6hxw", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "geoserver", "product": "geoserver", "versions": [{"status": "affected", "version": ">= 2.0.0, < 2.24.4"}, {"status": "affected", "version": ">= 2.25.0, < 2.25.2"}]}], "references": [{"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw", "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://osgeo-org.atlassian.net/browse/GEOS-11390", "name": "https://osgeo-org.atlassian.net/browse/GEOS-11390", "tags": ["x_refsource_MISC"]}, {"url": "https://osgeo-org.atlassian.net/browse/GEOS-11794", "name": "https://osgeo-org.atlassian.net/browse/GEOS-11794", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-10T14:27:39.485Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29198", "state": "PUBLISHED", "dateUpdated": "2025-06-17T19:12:00.664Z", "dateReserved": "2024-03-18T17:07:00.095Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-06-10T14:27:39.485Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF88E5A1-8701-48D6-9770-6AF7E83F9837", "versionEndExcluding": "2.24.4", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "72B34DF6-4739-47A2-A8D0-9E63879F0858", "versionEndExcluding": "2.25.2", "versionStartIncluding": "2.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue."}, {"lang": "es", "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Es posible realizar Service Side Request Forgery (SSRF) a trav\u00e9s del endpoint de la solicitud de demostraci\u00f3n si no se ha configurado la URL base del proxy. La actualizaci\u00f3n a GeoServer 2.24.4 o 2.25.2 elimina el servlet TestWfsPost, lo que soluciona este problema."}], "id": "CVE-2024-29198", "lastModified": "2025-08-26T16:25:00.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-06-10T15:15:22.140", "references": [{"source": "[email protected]", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw"}, {"source": "[email protected]", "tags": ["Issue Tracking"], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11390"}, {"source": "[email protected]", "tags": ["Permissions Required"], "url": "https://osgeo-org.atlassian.net/browse/GEOS-11794"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "[email protected]", "type": "Primary"}]}

{}