CVE-2023-40017

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 24, 2023
Updated: Aug 30, 2023
CWE ID 918

Summary

CVE-2023-40017 affects versions 3.2.0 to 4.1.2 of GeoNode, an open-source geospatial data platform. The vulnerability lies in the `/proxy/?url=` endpoint, which fails to protect against server-side request forgery (SSRF). An attacker exploiting this flaw can conduct port scans and request information from internal hosts, potentially leading to unauthorized access or data leaks. A patch is available, implemented in commit a9eebae80cb362009660a1fd49e105e7cdb499b9.
