- Description
- GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server-Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4 or 2.25.2 removes the TestWfsPost servlet, resolving this issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- geoserver
CVSS 3.1
- Type
- Primary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-918
🚨 CVE-2024-29198 - high 🚨 GeoServer Demo Request Endpoint - Server Side Request Forgery > It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request end... 👾 https://t.co/N2gwVlEtaa @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
17 Jul 2025
# CVE-2024-29198 https://t.co/swWhAqyxGl A very direct, brute-force fix: the TestWFSpost endpoint was simply removed. https://t.co/68PppofTFH
@_r00tuser
17 Jun 2025
CVE-2024-29198 GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server Side Request Forgery (… https://t.co/s2bleP5mvL
@CVEnew
10 Jun 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BF88E5A1-8701-48D6-9770-6AF7E83F9837",
            "versionEndExcluding": "2.24.4",
            "versionStartIncluding": "2.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "72B34DF6-4739-47A2-A8D0-9E63879F0858",
            "versionEndExcluding": "2.25.2",
            "versionStartIncluding": "2.25.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]