Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02cGZjLXc4NnItNTRxNs4ABCgV
Welcome and About GeoServer pages communicate version and revision information
Impact
The welcome and about pages include version and revision information about the software in use (including the libraries and components used).
This information is sensitive from a security point of view because it allows software used by the server to be easily identified.
Proof of Concept
- Welcome page footer.
- About page build information.
Patches
No patch presently available.
Workarounds
No workaround available, although the ADMIN_CONSOLE can be disabled completely.
References
Permalink: https://github.com/advisories/GHSA-6pfc-w86r-54q6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cGZjLXc4NnItNTRxNs4ABCgV
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 30 days ago
Updated: 29 days ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Percentage: 0.00045
EPSS Percentile: 0.17541
Identifiers: GHSA-6pfc-w86r-54q6, CVE-2024-35230
References:
- https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6
- https://github.com/geoserver/geoserver/commit/5fd5f35ae176eff3cc4667a5cf48e4bf5dc4ea99
- https://nvd.nist.gov/vuln/detail/CVE-2024-35230
- https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8
- https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920
- https://github.com/advisories/GHSA-6pfc-w86r-54q6
Blast Radius: 1.0
Affected Packages
maven:org.geoserver.web:gs-web-core
Affected Version Ranges: >= 2.0.0, < 2.25.1
Fixed in: 2.25.1
maven:org.geoserver.web:gs-web-app
Affected Version Ranges: >= 2.0.0, < 2.25.1
Fixed in: 2.25.1