CVE-2023-51444

Summary

CVE-2023-51444 is a vulnerability affecting GeoServer, an open-source Java-based geospatial software server. This issue permits authenticated administrators with modification permissions to exploit an arbitrary file upload flaw in versions prior to 2.23.4 and 2.24.1 via the REST Coverage Store API. By uploading arbitrary file contents, attackers can potentially execute remote code. The risk is heightened for coverage stores configured using absolute paths, which do not have path traversal validation. A successful exploitation can lead to full administrator privileges for an attacker with limited initial access. Versions 2.23.4 and 2.24.1 have patches available to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.