CVE-2023-43795

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 25, 2023

Updated: Nov 1, 2023

CWE ID 918

Summary

CVE-2023-43795 affects GeoServer, an open-source Java-based geospatial software server. The OGC Web Processing Service (WPS) in GeoServer, which processes information using GET and POST requests, is vulnerable to Server Side Request Forgery. This issue allows attackers to manipulate server-side operations by crafting malicious requests. The vulnerability has been addressed in versions 2.22.5 and 2.23.2 of GeoServer, and users are advised to update their installations promptly to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Osgeo Geoserver

Affected Vendors

OSGeo

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/swxusp
https://www.cve.org/CVERecord?id=CVE-2023-43795
https://nvd.nist.gov/vuln/detail/CVE-2023-43795

Back to Vulnerability Database