CVE-2023-40017
Last modified
CVE-2023-40017 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Geosolutionsgroup | Geonode | >= 3.2.0, <= 4.1.2 |
References
- https://github.com/GeoNode/geonode/security/advisories/GHSA-rmxg-6qqf-x8mrExploit, Third Party Advisory
- https://github.com/GeoNode/geonode/security/advisories/GHSA-rmxg-6qqf-x8mrExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-40017?
How severe is CVE-2023-40017?
How do I fix CVE-2023-40017?
Are you affected by CVE-2023-40017?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST