Sensitive Information Disclosure in GeoServer Versions
CVE-2024-35230

5.3 MEDIUM

Key Information:

Vendor: GeoServer
Status: Vendor
CVE Published: 16 December 2024

What is CVE-2024-35230?

CVE-2024-35230 is a critical vulnerability in GeoServer, an open-source Java-based server for sharing and editing geospatial data. Affected versions expose version and revision details on the welcome and about pages. An attacker who reads these details can identify the exact libraries and components in use, which raises the risk of targeted attacks against known weaknesses in those versions. No workaround is available, so users of affected versions should upgrade to GeoServer 2.26.0 or later without delay.
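The practical question for a defender is whether a GeoServer instance still prints its version or build revision on the welcome or about page, and whether that version falls inside the affected range stated in this advisory (>= 2.0.0, < 2.26.0). The following check is an added example written for this page; it is not GeoServer project code. The two HTML pages are constructed samples (the real page markup is not shown here), the `Version:` / `revision:` patterns are assumptions for the sake of illustration, and the affected range is taken from the advisory itself.

```python
import re
from html.parser import HTMLParser

# Affected range as stated in the advisory: geoserver >= 2.0.0, < 2.26.0
AFFECTED_MIN = (2, 0, 0)
FIXED_IN = (2, 26, 0)

# Illustrative patterns (assumption): a dotted release string, and a hex
# build hash introduced by the word "revision". Tune these to your pages.
VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)(?:-[A-Za-z0-9.]+)?\b")
REVISION_RE = re.compile(r"\brevision\b\s*:?\s*([0-9a-f]{7,40})\b", re.IGNORECASE)

# Constructed samples: one page that leaks build details, one that does not.
VULNERABLE_SAMPLE = """<html><body>
<h1>Welcome to GeoServer</h1>
<p>Version: 2.25.1<br>Git revision: abcdef0123456<br>Build date: 2024-05-01</p>
</body></html>"""

HARDENED_SAMPLE = """<html><body>
<h1>Welcome to GeoServer</h1>
<p>Log in to view the server status.</p>
</body></html>"""


class _TextCollector(HTMLParser):
    """Collects only visible text so tag names and attributes never match."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)


def visible_text(html):
    parser = _TextCollector()
    parser.feed(html)
    return " ".join(c.strip() for c in parser.chunks if c.strip())


def parse_version(version):
    """'2.25.1-SNAPSHOT' -> (2, 25, 1); missing components count as 0."""
    nums = []
    for part in version.split(".")[:3]:
        m = re.match(r"\d+", part)
        if not m:
            raise ValueError(f"unparseable version component: {part!r}")
        nums.append(int(m.group()))
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_affected(version):
    """True when the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_IN


def find_disclosures(html):
    """Return the distinct version strings and build revisions visible on a page."""
    text = visible_text(html)
    versions = list(dict.fromkeys(VERSION_RE.findall(text)))
    revisions = list(dict.fromkeys(REVISION_RE.findall(text)))
    return {"versions": versions, "revisions": revisions}


def assess(html):
    """Human-readable findings; an empty list means nothing was disclosed."""
    found = find_disclosures(html)
    findings = []
    for v in found["versions"]:
        status = ("affected, upgrade to 2.26.0 or later" if is_affected(v)
                  else "outside the affected range")
        findings.append(f"version string {v} disclosed ({status})")
    for r in found["revisions"]:
        findings.append(f"build revision {r} disclosed")
    return findings


if __name__ == "__main__":
    for name, page in (("vulnerable", VULNERABLE_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name, assess(page) or ["no disclosure found"])
```

To run this against a live instance you administer, fetch the welcome page body with your HTTP client of choice and pass it to `assess()`; a non-empty result on a host you believed was patched is the signal to re-check the deployed version.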

Affected Version(s)

geoserver >= 2.0.0, < 2.26.0

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published