MEDIUM 5.3 Maven
Welcome and About GeoServer pages communicate version and revision information
GHSA-6pfc-w86r-54q6 · CVE-2024-35230
Description
Impact
The Welcome and About pages include version and revision information about the software in use (including the libraries and components used).
This information is sensitive from a security point of view because it allows software used by the server to be easily identified.
Proof of Concept
Welcome page footer:
About page build information.
Patches
No patch presently available.
Workarounds
No workaround available, although the ADMIN_CONSOLE can be disabled completely.
References
- WEB https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-35230
- WEB https://github.com/geoserver/geoserver/commit/5fd5f35ae176eff3cc4667a5cf48e4bf5dc4ea99
- WEB https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8
- WEB https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920
- PACKAGE https://github.com/geoserver/geoserver