
CVE-2024-38524
Good to know:

Date: June 10, 2025
GeoServer is an open-source server that allows users to share and edit geospatial data. The method org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users. The only control is a hidden system property that hides the storage locations, and it defaults to showing them. This vulnerability is fixed in 2.26.2 and 2.25.6.
Severity Score
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200
Top Fix

Upgrade Version
Upgrade to version:
- org.geoserver.web:gs-web-app:2.26.2
- org.geoserver.web:gs-web-app:2.25.6
- org.geoserver:gs-gwc:2.26.2
- org.geoserver:gs-gwc:2.25.6
- https://github.com/geoserver/geoserver.git - 2.25.6
- https://github.com/geoserver/geoserver.git - 2.26.2
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |