CVE-2024-38524
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-08-26
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| osgeo | geoserver | Up to 2.25.6 (excluded) |
| osgeo | geoserver | From 2.26.0 (included) to 2.26.2 (excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-38524 is a moderate severity vulnerability in GeoServer's GeoWebCache home page where sensitive server information such as software version, configuration files, storage locations, environment details, and usage statistics are exposed to any user without proper access restrictions. This exposure happens because the GeoWebCacheDispatcher.handleFrontPage method does not adequately hide this information, and the only partial protection is a hidden system property that defaults to showing storage locations. An attacker can remotely access this information without any privileges or user interaction, which can help them identify software versions and system details to facilitate further attacks. [1]
How can this vulnerability impact me?
This vulnerability can impact you by exposing sensitive internal server information to unauthorized users remotely without any authentication. Attackers can use this information, such as software versions, configuration details, and storage paths, to identify potential weaknesses or plan targeted attacks against your GeoServer instance. Although it does not directly allow modification or disruption, the information disclosure can aid attackers in exploiting other vulnerabilities or misconfigurations. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by accessing the GeoWebCache home page URL on the affected GeoServer instance and checking whether sensitive information such as software version, revision details, configuration files, storage locations, and environment details is exposed without authentication. A simple test is to perform an HTTP GET request to the URL http://<server>:8080/geoserver/gwc/ (replace <server> with your GeoServer host). For example, using curl:

curl http://localhost:8080/geoserver/gwc/

If the response contains sensitive server information without requiring authentication, the system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade GeoServer to version 2.25.6 or 2.26.2 or later, where the issue is fixed. These versions restrict access to sensitive information on the GeoWebCache home page to authenticated administrative users only. If upgrading immediately is not possible, restrict network access to the GeoWebCache home page URL to trusted users only, for example with firewall rules or web server access controls, to prevent unauthorized remote access. Additionally, review and configure any system properties that control the visibility of storage locations; note that the default is to show them, and the actual fix relies on proper access control rather than on that property. [1, 2, 3]
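The detection and mitigation answers above boil down to two checks an operator can script: does the installed GeoServer version fall inside the affected ranges from the table, and does an unauthenticated GET of /geoserver/gwc/ still return a page carrying version information. The following Python script is an added example and is not code from BaseFortify, the advisory, or the GeoServer project. The version ranges are the ones listed on this page; the body check is an assumption, since the exact HTML markers of the real GeoWebCache home page are not reproduced here, so it only looks for version-like strings and leaves the final judgement to the reader. The sample response body is constructed.

```python
"""Defensive check for the GeoWebCache home page exposure described in CVE-2024-38524.

Added example; not from the advisory or the GeoServer project. The HTML of the
real page is not known here, so the body check is a heuristic (see comments).
"""
import re
import sys
import urllib.error
import urllib.request

# Affected GeoServer ranges taken from the advisory's table:
# everything below 2.25.6, and [2.26.0, 2.26.2). Fixed in 2.25.6 and 2.26.2.
AFFECTED_RANGES = (
    ((0, 0, 0), (2, 25, 6)),
    ((2, 26, 0), (2, 26, 2)),
)


def parse_version(text):
    """Turn '2.25.3', 'v2.26' or '2.26.1-SNAPSHOT' into a (major, minor, patch) tuple."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version):
    """True when a GeoServer version lies inside one of the advisory's affected ranges.

    Apply this to the GeoServer version only; other components on the page
    (e.g. the GeoWebCache library) use their own numbering.
    """
    v = parse_version(version)
    return any(low <= v < high for low, high in AFFECTED_RANGES)


# Heuristic (assumption): any dotted three-part number on the page counts as
# disclosed version information.
VERSION_TOKEN = re.compile(r"\b\d+\.\d+\.\d+\b")


def classify_response(status, body):
    """Map the status and body of an unauthenticated GET /geoserver/gwc/ to a verdict.

    Returns (verdict, versions_seen):
      'restricted'       - 401/403: the page now demands authentication (fixed behaviour)
      'exposed'          - 200 and version-like strings are present without auth
      'no_version_found' - 200 but nothing version-like; inspect the page manually
      'unexpected'       - any other status
    """
    if status in (401, 403):
        return ("restricted", [])
    if status != 200:
        return ("unexpected", [])
    versions = sorted(set(VERSION_TOKEN.findall(body)))
    if versions:
        return ("exposed", versions)
    return ("no_version_found", [])


def check_gwc_home(base_url, timeout=10):
    """Fetch the GeoWebCache home page with no credentials and classify the reply.

    base_url is assumed to look like 'http://localhost:8080/geoserver', matching
    the advisory's curl example.
    """
    url = base_url.rstrip("/") + "/gwc/"
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2024-38524-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        # 401/403 arrive as exceptions in urllib; classify them like any other status.
        return classify_response(err.code, err.read().decode("utf-8", "replace"))


# Constructed sample body standing in for an unauthenticated 200 reply from a
# vulnerable instance; the real markup differs.
SAMPLE_EXPOSED_BODY = (
    "<html><body><h3>GeoServer 2.25.3</h3>"
    "<p>Storage location: /var/geoserver/gwc</p></body></html>"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        verdict, versions = check_gwc_home(sys.argv[1])
    else:
        verdict, versions = classify_response(200, SAMPLE_EXPOSED_BODY)
    print("verdict:", verdict)
    print("versions seen:", versions)
    print("in affected range:", [v for v in versions if is_affected(v)])
```

Run it with your own base URL (for example `python check_gwc.py http://localhost:8080/geoserver`) to classify the live response, or with no argument to see the verdict on the constructed sample. A `restricted` verdict after upgrading confirms the access-control fix is in effect; an `exposed` verdict on a version inside the affected ranges is the condition the mitigation steps above address.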