Vulnerabilities > CVE-2021-40822 - Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3
- https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3
- https://github.com/geoserver/geoserver/releases
- https://github.com/geoserver/geoserver/releases
- https://osgeo-org.atlassian.net/browse/GEOS-10229
- https://osgeo-org.atlassian.net/browse/GEOS-10229
- https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508
- https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508