Sensitive Information Disclosure in GeoServer Versions
CVE-2024-35230
5.3 MEDIUM
What is CVE-2024-35230?
CVE-2024-35230 is an information-disclosure vulnerability, rated medium severity (5.3), in GeoServer, an open-source Java-based server for sharing and editing geospatial data. Affected versions print the server's version and revision details on the welcome and about pages, where any visitor can read them without authenticating. That information lets an attacker fingerprint the exact GeoServer release and the libraries and components bundled with it, which raises the risk of targeted attacks against known weaknesses in those versions. No workaround is available, so users of affected versions are strongly advised to upgrade to GeoServer 2.26.0 or later immediately. Protect your systems by ensuring you are running the latest version.
Affected Version(s)
geoserver >= 2.0.0, < 2.26.0
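As an added example (not part of this advisory or of GeoServer), a small Python check that decides whether a version string falls inside the affected range above and flags any version strings disclosed in the HTML of a welcome or about page. The sample footer HTML is constructed for the example, not GeoServer's real markup.

```python
"""Check GeoServer version strings against the CVE-2024-35230 affected range."""
import re

# Affected range as stated in the advisory: geoserver >= 2.0.0, < 2.26.0
AFFECTED_MIN = (2, 0, 0)
FIXED_AT = (2, 26, 0)


def parse_version(text):
    """Turn '2.25.1', '2.24' or '2.24-SNAPSHOT' into a numeric (major, minor, patch) tuple.

    Missing trailing components count as 0. Pre-release suffixes such as
    '-RC' or '-SNAPSHOT' are ignored, so treat a pre-release build of the
    fixed version as something to verify by hand rather than trust blindly.
    """
    m = re.match(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def is_affected(version):
    """True when the version lies in [2.0.0, 2.26.0), the advisory's affected range."""
    v = parse_version(version)
    return AFFECTED_MIN <= v < FIXED_AT


# Matches 'GeoServer <version>' as it might appear in page text (assumed pattern)
VERSION_RE = re.compile(r"GeoServer\s+(\d+\.\d+(?:\.\d+)?(?:-[A-Za-z0-9.]+)?)")


def disclosed_versions(page_html):
    """Return each version string the page discloses, paired with an affected flag.

    Run this over the HTML of your own instance's welcome or about page to
    confirm whether the version leak described in the advisory is present.
    """
    return [(v, is_affected(v)) for v in VERSION_RE.findall(page_html)]


# Constructed sample footer standing in for a welcome page; not real GeoServer output
SAMPLE_PAGE = '<div id="footer">GeoServer 2.25.1 (rev deadbeef) - Welcome</div>'
```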