Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-38524

GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6.

Published

2025-06-10T15:15:22.880

Last Modified

2025-08-26T16:22:42.437

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	osgeo	geoserver	< 2.25.6	Yes
Application	osgeo	geoserver	< 2.26.2	Yes

References

https://github.com/GeoWebCache/geowebcache/issues/1344 Issue Tracking ([email protected])
https://github.com/GeoWebCache/geowebcache/pull/1345 Patch ([email protected])
https://github.com/geoserver/geoserver/pull/8189 Patch ([email protected])
https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f Exploit, Third Party Advisory ([email protected])
https://osgeo-org.atlassian.net/browse/GEOS-11677 Issue Tracking, Patch ([email protected])