CVE-2024-40625

Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.26.0

Description The issue concerns the Coverage REST API, specifically the endpoint "/workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format}", which allows attackers to upload files with a specified URL when the {method} equals 'url' without any restrictions. This vulnerability presents an opportunity for Server Side Request Forgery. The API endpoint does not properly check the provided URL, which should be validated using the URL Checks feature.

Recommendations For versions prior to 2.26.0, update to version 2.26.0 or later to resolve the issue. As a temporary workaround, consider adding URL checks, such as using URLCheckers.confirm(fileURL), to validate the file URL before uploading. Restrict access to the vulnerable API endpoint until the update is applied.