MEDIUM 5.5 Maven
Coverage REST API Server Side Request Forgery
GHSA-r4hf-r8gj-jgw2 · CVE-2024-40625
Description
Summary
The Coverage REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows uploading a file from a specified URL (when {method} equals 'url') with no restriction on that URL.
Details
The Coverage REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows uploading a file from a specified URL (when {method} equals 'url'), but this URL is not checked with the URL Checks feature.
For example, the code below should be added to check fileURL before it is used:
URLCheckers.confirm(fileURL)
The vulnerable code is in RESTUtils.java.
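As an added illustration (not GeoServer's own code), the unchecked shape of the 'url' method beside a version that confirms the URL against an administrator-configured allowlist before anything is fetched; the UrlChecker and CoverageUrlUpload classes below are hypothetical stand-ins for the URL Checks feature and for the RESTUtils upload path.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.regex.Pattern;
// Hypothetical stand-in for the URL Checks feature: administrator-configured
// regular expressions; a URL is permitted only if it matches one of them.
final class UrlChecker {
    private final List<Pattern> allowed;
    UrlChecker(List<String> regexes) {
        this.allowed = regexes.stream().map(Pattern::compile).toList();
    }
    // Plays the role of URLCheckers.confirm(fileURL): throws unless the URL is permitted.
    void confirm(String fileURL) {
        String scheme;
        try {
            scheme = new URI(fileURL).getScheme();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("malformed URL: " + fileURL, e);
        }
        if (!"http".equals(scheme) && !"https".equals(scheme)) {
            throw new IllegalArgumentException("scheme not permitted: " + fileURL);
        }
        if (allowed.stream().noneMatch(p -> p.matcher(fileURL).matches())) {
            throw new IllegalArgumentException("URL not in allow list: " + fileURL);
        }
    }
}

final class CoverageUrlUpload {
    // Vulnerable shape: the URL from the request body is resolved and fetched as-is.
    static URI resolveUnchecked(String fileURL) throws URISyntaxException {
        return new URI(fileURL);
    }
    // Fixed shape: the URL is confirmed against the checker before anything is fetched.
    static URI resolveChecked(UrlChecker checker, String fileURL) throws URISyntaxException {
        checker.confirm(fileURL);
        return new URI(fileURL);
    }
    public static void main(String[] args) throws Exception {
        // Constructed configuration: only one known public data host is allowed.
        UrlChecker checker = new UrlChecker(List.of("^https://data\\.example\\.org/.*$"));
        System.out.println("allowed: " + resolveChecked(checker, "https://data.example.org/dem.tif"));
        try {
            resolveChecked(checker, "http://intranet.example/admin");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The allowlist is deliberately a list of regular expressions over the whole URL so that a deployment can name exactly the hosts and paths it expects coverage data to come from; without such a check, any URL reachable from the server is fetched on the caller's behalf.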
Impact
This vulnerability presents the opportunity for Server Side Request Forgery.
References