CVE-2024-38524

Medium CVSS: 5.3

GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6.

Vendor

Osgeo

Product

Geoserver

CWE

CWE-200

Yayın Tarihi

2025-06-10 15:15:22

Güncelleme

2025-08-26 16:22:42

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Geoserver MEDIUM Osgeo 2025

Referanslar

https://github.com/GeoWebCache/geowebcache/issues/1344 https://github.com/GeoWebCache/geowebcache/pull/1345 https://github.com/geoserver/geoserver/pull/8189 https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f https://osgeo-org.atlassian.net/browse/GEOS-11677

Benzer Kayıtlar

Medium

CVE-2026-33721

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a h…

High

CVE-2022-50899

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to re…

High

CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive Property…

High

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be…

Medium

CVE-2024-40625

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspace…

Medium

CVE-2025-27505

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the def…