PT-2024-14126 · Geoserver · Geoserver

Sikeoka · Published 2024-03-20 · Updated 2024-12-18 · CVE-2023-51444

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.4 and 2.24.1

Description: An arbitrary file upload vulnerability exists that enables an authenticated administrator with permissions to modify coverage stores through the "REST Coverage Store API" to upload arbitrary file contents to arbitrary file locations, which can lead to remote code execution. Coverage stores configured using relative paths are validated to prevent path traversal, but those using absolute paths are not. This issue can lead to executing arbitrary code, and an administrator with limited privileges could potentially exploit it to overwrite GeoServer security files and obtain full administrator privileges. Over 73,743 instances may be at risk.

Recommendations: For versions prior to 2.23.4, update to version 2.23.4 or later. For versions prior to 2.24.1, update to version 2.24.1 or later. As a temporary workaround, consider restricting access to the REST Coverage Store API to minimize the risk of exploitation. Avoid using absolute paths for coverage stores until the issue is resolved.
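As an added example (not code from the advisory or the GeoServer project), a Python audit script that applies the workaround above by flagging coverage store definitions whose location is an absolute path. It assumes GeoServer's on-disk layout of workspaces/<workspace>/<store>/coveragestore.xml with a <url> element, and runs against constructed sample definitions.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample definitions in the on-disk layout this script assumes:
# workspaces/<workspace>/<store>/coveragestore.xml with a <url> element.
SAMPLE_STORES = {
    "workspaces/demo/ortho/coveragestore.xml": (
        "<coverageStore><name>ortho</name><type>GeoTIFF</type>"
        "<url>file:data/demo/ortho.tif</url></coverageStore>"
    ),
    "workspaces/demo/dem/coveragestore.xml": (
        "<coverageStore><name>dem</name><type>GeoTIFF</type>"
        "<url>file:///srv/rasters/dem.tif</url></coverageStore>"
    ),
}

# An absolute location: optional "file:" scheme, then a POSIX root, a Windows
# drive letter, or a UNC prefix. Anything else is relative to the data dir.
ABSOLUTE_URL = re.compile(r"^(file:)?(/|[A-Za-z]:[\\/]|\\\\)", re.IGNORECASE)


def store_url_is_absolute(url: str) -> bool:
    """True if the store's <url> points outside the data directory tree."""
    return bool(ABSOLUTE_URL.match(url.strip()))


def find_absolute_path_stores(store_xml_by_path: dict) -> list:
    """Return (path, store name, url) for each definition using an absolute path."""
    flagged = []
    for path, xml_text in store_xml_by_path.items():
        root = ET.fromstring(xml_text)
        url = root.findtext("url")
        if url and store_url_is_absolute(url):
            flagged.append((path, root.findtext("name", ""), url.strip()))
    return flagged


def load_coverage_stores(data_dir: str) -> dict:
    """Read every coveragestore.xml below <data_dir>/workspaces (assumed layout)."""
    found = {}
    for dirpath, _, files in os.walk(os.path.join(data_dir, "workspaces")):
        if "coveragestore.xml" in files:
            full = os.path.join(dirpath, "coveragestore.xml")
            with open(full, encoding="utf-8") as fh:
                found[os.path.relpath(full, data_dir)] = fh.read()
    return found


if __name__ == "__main__":
    for path, name, url in find_absolute_path_stores(SAMPLE_STORES):
        print(f"{path}: store '{name}' uses absolute path {url}")
```

To audit a real instance, replace SAMPLE_STORES with load_coverage_stores("/path/to/geoserver_data") and review every flagged store until the fixed version is deployed.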

Tags: Exploit · Fix · RCE · Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2023-51444, GHSA-9V5Q-2GWQ-Q9HQ

Affected Products: Geoserver