CVE-2024-38524
MEDIUM5.3EPSS 0.66%GWC Home Page communicate version and revision information
Description
### Summary The GeoWebCache home page includes version and revision information about the software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. ### Details org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. ### PoC Just open http://localhost:8080/geoserver/gwc/ ### Impact In addition to exposing the version and revision information, the home page will expose the config file and storage locations which may expose the system's temp directory location and whether or not GeoServer is running in a Windows operating system. The approximate server start time and some basic GWC usage information is also exposed. ### References https://osgeo-org.atlassian.net/browse/GEOS-11677 https://github.com/geoserver/geoserver/pull/8189 https://github.com/GeoWebCache/geowebcache/issues/1344 https://github.com/GeoWebCache/geowebcache/pull/1345
Affected packages (2)
- Maven/org.geoserver:gs-gwc>= 2.26.0, < 2.26.2
- Maven/org.geoserver.web:gs-web-app>= 2.26.0, < 2.26.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-38524
- PATCHhttps://github.com/geoserver/geoserver
- WEBhttps://github.com/geoserver/geoserver/pull/8189
- WEBhttps://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f
- WEBhttps://github.com/GeoWebCache/geowebcache/issues/1344
- WEBhttps://github.com/GeoWebCache/geowebcache/pull/1345
- WEBhttps://osgeo-org.atlassian.net/browse/GEOS-11677