PT-2022-11312 · Geoserver · Geoserver

Published 2022-05-01 · Updated 2025-06-10 · CVE-2021-40822

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.18.5 and earlier; GeoServer versions 2.19.x through 2.19.2
Description: The issue allows Server-Side Request Forgery (SSRF) via the option for setting a proxy host. An attacker who can control this option can cause the server to make requests to arbitrary hosts, which may lead to unauthorized access to internal resources or information disclosure.
Recommendations: For GeoServer versions 2.18.5 and earlier, update to a version later than 2.18.5. For GeoServer versions 2.19.x through 2.19.2, update to a version later than 2.19.2. As a temporary workaround, restrict access to the proxy host setting to minimize the risk of exploitation.

Fix · SSRF


Weakness Enumeration

Related Identifiers

CVE-2021-40822
GHSA-5GW5-JCCF-6HXW
GHSA-RR33-J5P5-PPF8

Affected Products

Geoserver