Home > Vulnerability Database > CVE-2024-35230

Mend.io Vulnerability Database

CVE-2024-35230

Good to know:

Date: December 16, 2024

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Java

Severity Score

5.3

Related Resources (7)

Url: https://github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920

Url: https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-35230

Url: https://github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8

Url: https://github.com/geoserver/geoserver/commit/5fd5f35ae176eff3cc4667a5cf48e4bf5dc4ea99

Url: https://github.com/geoserver/geoserver

Url: https://www.mend.io/vulnerability-database/CVE-2024-35230

Severity Score

5.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version org.geoserver.web:gs-web-core:2.25.1;org.geoserver.web:gs-web-app:2.25.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-35230

Good to know:

Date: December 16, 2024

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?