CVE-2023-51444
Published: 20 March 2024
Summary
CVE-2023-51444 is a high-severity Improper Input Validation (CWE-20) vulnerability in GeoServer. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 10.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
GeoServer is an open source Java-based server for sharing and editing geospatial data. CVE-2023-51444 is an arbitrary file upload vulnerability affecting versions prior to 2.23.4 and 2.24.1. It resides in the REST Coverage Store API and stems from insufficient path traversal validation when coverage stores are configured with absolute paths; the Resource implementation used in that case accepts attacker-supplied file contents and locations, unlike the relative-path implementation that performs validation. The issue is tracked under CWE-20 and CWE-434 and carries a CVSS 3.1 score of 7.2.
An authenticated administrator who already possesses permissions to modify coverage stores can exploit the flaw to write arbitrary files to arbitrary locations on the server filesystem. Successful exploitation can result in remote code execution; the same vector also allows an administrator with limited privileges to overwrite GeoServer security configuration files and thereby escalate to full administrative control.
The official GeoServer security advisory GHSA-9v5q-2gwq-q9hq and the linked commits (ca683170 and fe235b3) state that the vulnerability is resolved in releases 2.23.4 and 2.24.1. The corresponding pull request and Jira ticket GEOS-11176 document the code changes that restore path validation for absolute-path coverage stores.
EPSS scores have remained low, with a current value of 0.0472 and a peak of 0.0516.
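As an added illustration, not GeoServer's code or its patch, the Python below models the gap the advisory describes: a weak resolver that only checks containment when the store root is relative, beside a hardened resolver that canonicalizes and applies the same containment check whether the root or the request is relative or absolute. Store roots and file names are constructed sample values.

```python
from pathlib import Path


class PathOutsideStoreError(ValueError):
    """Raised when a requested file would land outside the store root."""


def weak_resolve(store_root: str, requested: str) -> Path:
    """Constructed model of the flaw (not GeoServer's actual code): traversal
    is checked only when the store root is relative, so an absolute store
    root lets "../" segments walk out of the store."""
    root = Path(store_root)
    target = (root / requested).resolve()
    if not root.is_absolute():
        target.relative_to(root.resolve())  # raises ValueError on escape
    return target


def resolve_store_file(store_root: str, requested: str) -> Path:
    """Hardened resolver: one containment rule for every kind of path."""
    root = Path(store_root).resolve()
    candidate = Path(requested)
    # Never honour an absolute request as-is: re-root it under the store,
    # so "/etc/x" becomes "<root>/etc/x" instead of a write to "/etc/x".
    if candidate.is_absolute():
        candidate = Path(*candidate.parts[1:])
    # resolve() collapses ".." and follows symlinks before the check.
    target = (root / candidate).resolve()
    # Component-wise containment, not a string prefix test: "/data/store2"
    # must not pass as being inside "/data/store".
    try:
        target.relative_to(root)
    except ValueError:
        raise PathOutsideStoreError(
            f"{requested!r} resolves outside {root}") from None
    return target


def is_inside_store(store_root: str, requested: str) -> bool:
    """Convenience predicate around resolve_store_file."""
    try:
        resolve_store_file(store_root, requested)
        return True
    except PathOutsideStoreError:
        return False
```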
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-0890
Vulnerability details
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Coverage stores that are configured using relative paths use a GeoServer Resource implementation that has validation to prevent path traversal but coverage stores that are configured using absolute paths use a different Resource implementation that does not prevent path traversal. This vulnerability can lead to executing arbitrary code. An administrator with limited privileges could also potentially exploit this to overwrite GeoServer security files and obtain full administrator privileges. Versions 2.23.4 and 2.24.1 contain a fix for this issue.
- CWE(s): CWE-20 (Improper Input Validation), CWE-434 (Unrestricted Upload of File with Dangerous Type)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-generated)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Requiring identifiable owners for portable devices reduces the attack surface for unrestricted uploads of dangerous file types via anonymous media.
- Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.
- Security testing and evaluation at multiple SDLC stages directly detect missing or flawed input validation, with the required remediation process ensuring fixes are applied.
- Dangerous file uploads can be detonated in the chamber to determine malice before any production write or execution occurs.
- Prevents unrestricted writing of arbitrary or malicious firmware by keeping hardware write-protect enabled except under tightly controlled manual procedures.
- Directly implements checks on information inputs to reject invalid data before processing.
- Scans files from external sources on download/open/execute, blocking unrestricted uploads of dangerous file types.
- Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.