Geonode
CVE-2023-40017
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9.
AnalysisAI
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9. Affected products include: Geosolutionsgroup Geonode. Version information: through 4.1.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Rat
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Rat
GeoNode 4.0 before 4.4.5 and 5.0 before 5.0.2 contains a server-side request forgery vulnerability in the service regist
Server-side request forgery in GeoNode 4.0-4.4.4 and 5.0-5.0.1 allows authenticated users with document upload permissio
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Rat
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today