Vulnerability Report

CVE-2023-25157

Title: Osgeo Geoserver Injection (SQLi/OSi)

Injection (SQLi/OSi)

Proof Of Concept

PoC Available for CVE-2023-25157

CWE Category CWE-89
Published Date Feb 21, 2023
Modified Date Nov 21, 2024
Exploit Status Available
Score 9.8 CVSS v3.1
Exploit Probability (EPSS)
94.06%

Vulnerability Summary

CVE-2023-25157: GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.

Impacted Vendors

G
geoserver 1
O
osgeo 1

Reference Links

https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf
CVSS v3.1
Source Entity [email protected]
Severity CRITICAL
9.8
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v3.1
Source Entity [email protected]
Severity CRITICAL
9.8
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2023-25157 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/win3zz/CVE-2023-25157
View Code
GitHub https://github.com/murataydemir/CVE-2023-25157-and-CVE-2023-25158
View Code
GitHub https://github.com/0x2458bughunt/CVE-2023-25157
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.