CVE-2024-29198
BaseFortify

Publication date: 2025-06-10

Last updated on: 2025-08-26

Assigner: GitHub, Inc.

Description
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server-Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet, resolving this issue.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-06-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
osgeo geoserver From 2.0.0 (inc) to 2.24.4 (exc)
osgeo geoserver From 2.25.0 (inc) to 2.25.2 (exc)
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can focus on identifying if the vulnerable TestWfsPost servlet endpoint is accessible and if the Proxy Base URL is unset. You can attempt to send crafted HTTP requests to the /TestWfsPost endpoint to see if the server processes them internally, indicating vulnerability. For example, using curl: curl -v http://<geoserver-host>/geoserver/TestWfsPost -d '<crafted request>' -H 'Content-Type: text/xml'. Monitoring outgoing requests from the server to internal or unexpected destinations may also indicate exploitation attempts. Network monitoring tools or logs can be used to detect unusual internal requests originating from GeoServer. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include: 1) If GeoServer is behind a proxy, set the PROXY_BASE_URL application property to a non-empty value that cannot be overridden by the user interface or incoming requests. 2) If GeoServer is not behind a proxy, block access to the /TestWfsPost/* endpoint by adding a security constraint in the web.xml file to deny access to this URL pattern. 3) Upgrade GeoServer to version 2.24.4 or 2.25.2, where the vulnerable TestWfsPost servlet has been removed. [1]

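The deny rule from mitigation step 2 above, written out as a servlet security constraint. This is an added example, not configuration from the BaseFortify page or the GeoServer project; it assumes GeoServer's standard WEB-INF/web.xml location and that the optional PROXY_BASE_URL value is supplied as a servlet context parameter (one of the ways GeoServer reads application properties).

```xml
<!-- Added example fragment for GeoServer's WEB-INF/web.xml (path assumed).
     Both elements go directly inside the existing <web-app> element. -->

<!-- Step 2: deny every request to the TestWfsPost servlet.
     An empty <auth-constraint/> lists no roles, so the container refuses
     all callers before the servlet code runs (typically HTTP 403).
     The exact path is listed alongside the wildcard so both
     /TestWfsPost and /TestWfsPost/anything are covered. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>TestWfsPost</web-resource-name>
    <url-pattern>/TestWfsPost</url-pattern>
    <url-pattern>/TestWfsPost/*</url-pattern>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>

<!-- Step 1 (only when GeoServer sits behind a reverse proxy): pin the
     Proxy Base URL so it cannot be derived from incoming request headers.
     The hostname below is a constructed placeholder. -->
<context-param>
  <param-name>PROXY_BASE_URL</param-name>
  <param-value>https://maps.example.org/geoserver</param-value>
</context-param>
```

After restarting the container, a request to /geoserver/TestWfsPost should be rejected by the container rather than reach the servlet; step 3 (upgrading to 2.24.4 or 2.25.2) remains the complete fix because it removes the servlet entirely.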

Can you explain this vulnerability to me?

CVE-2024-29198 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in GeoServer versions before 2.24.4 and between 2.25.0 and 2.25.2. It occurs in the TestWfsPost servlet endpoint when the Proxy Base URL is not set. This allows an unauthenticated attacker to send crafted requests through the server, which then makes these requests internally, potentially accessing internal network resources or sensitive data in cloud environments. The vulnerability does not require privileges or user interaction and impacts confidentiality. [1]


How can this vulnerability impact me?

This vulnerability can allow an unauthenticated attacker to perform SSRF attacks through the GeoServer, enabling them to enumerate internal networks or access sensitive data in cloud environments. While it does not affect data integrity or availability, it has a high impact on confidentiality, potentially exposing sensitive internal resources or data. [1]

