PT-2024-13006 · Geoserver · Geoserver

Sumiitgurjar · Published 2024-03-20 · Updated 2024-12-18 · CVE-2023-41877

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GeoServer versions 2.23.4 and prior

Description

This path traversal vulnerability requires a GeoServer administrator with access to the admin console to misconfigure the Global Settings log file location so that it points to an arbitrary location. The admin console GeoServer Logs page provides a preview of the log file's contents, so it can be used to read files. It is also possible to achieve remote code execution or cause denial of service by overwriting key GeoServer files.

Recommendations

For GeoServer versions 2.23.4 and prior, a system administrator responsible for running GeoServer can use the GEOSERVER_LOG_FILE setting to override any configuration option provided by the Global Settings page. The GEOSERVER_LOG_LOCATION parameter can be set as a system property, an environment variable, or a servlet context parameter. For example, the environment variable can be set using export GEOSERVER_LOG_LOCATION=/var/opt/geoserver/logs. Alternatively, the system property can be set using -DGEOSERVER_LOG_LOCATION=/var/opt/geoserver/logs. Additionally, the GEOSERVER_LOG_LOCATION parameter can be configured in the web application WEB-INF/web.xml or Tomcat conf/Catalina/localhost/geoserver.xml files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
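One way to check that the override described in the recommendations is actually in place, as an added example (not code from the advisory or from GeoServer). The function names and the sample web.xml and Tomcat context contents are constructed for illustration; the check reports where GEOSERVER_LOG_LOCATION is set and does not model which source takes precedence.

```python
import xml.etree.ElementTree as ET

PARAM = "GEOSERVER_LOG_LOCATION"  # parameter name from the advisory

def _local(tag):
    # Drop any XML namespace so web.xml parses the same with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def from_web_xml(text):
    """Value of the <context-param> named PARAM in WEB-INF/web.xml, else None."""
    for el in ET.fromstring(text).iter():
        if _local(el.tag) == "context-param":
            kv = {_local(c.tag): (c.text or "").strip() for c in el}
            if kv.get("param-name") == PARAM:
                return kv.get("param-value") or None
    return None

def from_tomcat_context(text):
    """Value of <Parameter name=PARAM .../> in a Tomcat context file, else None."""
    for el in ET.fromstring(text).iter("Parameter"):
        if el.get("name") == PARAM:
            return el.get("value") or None
    return None

def from_jvm_args(args):
    """Value passed as -DGEOSERVER_LOG_LOCATION=..., else None."""
    prefix = "-D" + PARAM + "="
    return next((a[len(prefix):] for a in args if a.startswith(prefix)), None)

def audit(env, jvm_args, web_xml=None, context_xml=None):
    """Map each place the override is set to its value; empty dict = not pinned."""
    sources = {
        "environment": env.get(PARAM) or None,
        "system property": from_jvm_args(jvm_args),
        "web.xml": from_web_xml(web_xml) if web_xml else None,
        "tomcat context": from_tomcat_context(context_xml) if context_xml else None,
    }
    return {k: v for k, v in sources.items() if v}

# Constructed sample inputs (not taken from a real deployment).
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <context-param>
    <param-name>GEOSERVER_LOG_LOCATION</param-name>
    <param-value>/var/opt/geoserver/logs</param-value>
  </context-param>
</web-app>"""
CONTEXT_XML = """<Context>
  <Parameter name="GEOSERVER_LOG_LOCATION" value="/var/opt/geoserver/logs"/>
</Context>"""

if __name__ == "__main__":
    print(audit({}, ["-Xmx2g"], WEB_XML, CONTEXT_XML))
    print(audit({}, ["-Xmx2g"]) or "not pinned: Global Settings value applies")
```

An empty result means none of the override locations is set, so the log file location chosen on the Global Settings page is the one in effect.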

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2023-41877
GHSA-8G7V-VJRC-X4G5

Affected Products

Geoserver