CVE-2023-40017
CVSS V2 None
CVSS V3 None
Description
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9.
Overview
- CVE ID
- CVE-2023-40017
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-08-24T22:45:48.502Z
- Last Modified Date
- 2023-08-24T22:45:48.502Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/GeoNode/geonode/security/advisories/GHSA-rmxg-6qqf-x8mr | x_refsource_CONFIRM |
| https://github.com/GeoNode/geonode/commit/a9eebae80cb362009660a1fd49e105e7cdb499b9 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-40017 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40017 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 02:02:16 | Added to TrackCVE |