CVE-2024-23634

CVSS 3.1 Score 6 of 10 (medium)

Details

Published Mar 20, 2024
Updated: Dec 17, 2024
CWE ID 73
CWE ID 20

Summary

CVE-2024-23634 is a vulnerability affecting GeoServer, open-source Java software for sharing and editing geospatial data. The issue, present in versions prior to 2.23.5 and 2.24.2, allows authenticated administrators to rename arbitrary files and directories through the REST Coverage Store or Data Store API. Although file extensions are changed to `.zip` upon upload, with the external upload method this vulnerability allows non-zip files to be renamed. Renaming GeoServer files can lead to denial of service or resource deletion, while the impact of renaming non-GeoServer files depends on the specific environment. The vulnerability is resolved in versions 2.23.5 and 2.24.2.
