
CVE-2024-29198: CWE-918: Server-Side Request Forgery (SSRF) in geoserver geoserver

High
Tags: Vulnerability, CVE-2024-29198, CWE-918
Published: Tue Jun 10 2025 (06/10/2025, 14:27:39 UTC)
Source: CVE Database V5
Vendor/Project: geoserver
Product: geoserver

Description

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server-Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue.

AI-Powered Analysis

AI analysis last updated: 07/11/2025, 03:20:29 UTC

Technical Analysis

CVE-2024-29198 is a high-severity Server-Side Request Forgery (SSRF) vulnerability affecting GeoServer, an open-source Java-based server used for sharing and editing geospatial data. The vulnerability exists in the Demo request endpoint when the Proxy Base URL configuration is not set. An attacker can exploit this flaw to make the GeoServer instance send crafted HTTP requests to internal or external systems on behalf of the server, potentially accessing internal resources that are otherwise inaccessible from the outside. This SSRF vulnerability arises from improper validation and control of URLs that the server requests internally. The affected versions include GeoServer releases from 2.0.0 up to but not including 2.24.4, and from 2.25.0 up to but not including 2.25.2. The issue is resolved by upgrading to GeoServer 2.24.4 or 2.25.2, which remove the vulnerable TestWfsPost servlet responsible for this behavior. The CVSS v3.1 base score is 7.5, reflecting the network attack vector, low attack complexity, no privileges or user interaction required, and a high impact on confidentiality but no impact on integrity or availability. No known exploits are currently reported in the wild. This vulnerability is classified under CWE-918, which covers SSRF issues where an attacker can abuse server functionality to induce the server to make HTTP requests to arbitrary domains, including internal networks.

Potential Impact

For European organizations, the impact of this SSRF vulnerability in GeoServer can be significant, especially for entities relying on geospatial data services such as government agencies, urban planning departments, environmental monitoring organizations, and private companies in sectors like transportation, utilities, and telecommunications. Exploiting this vulnerability could allow attackers to access sensitive internal network resources, potentially exposing confidential geospatial data or other internal services. This could lead to unauthorized data disclosure, reconnaissance for further attacks, or pivoting deeper into the network. Since GeoServer is often deployed in environments with sensitive or critical infrastructure data, the confidentiality breach could have regulatory and operational consequences. Additionally, the lack of required authentication and user interaction increases the risk of automated exploitation attempts. Although no active exploits are known yet, the widespread use of GeoServer in Europe and the high severity score suggest that organizations should prioritize remediation to avoid potential future attacks.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately upgrade affected GeoServer instances to versions 2.24.4 or 2.25.2 or later, which remove the vulnerable TestWfsPost servlet. If upgrading is not immediately feasible, organizations should disable or restrict access to the Demo request endpoint and the TestWfsPost servlet to trusted internal networks only. Additionally, setting the Proxy Base URL configuration properly can prevent SSRF exploitation by restricting the URLs GeoServer can access internally. Network-level controls such as firewall rules should be implemented to limit outbound HTTP requests from the GeoServer host to only necessary destinations. Monitoring and logging HTTP requests originating from GeoServer can help detect suspicious activity. Finally, organizations should review their internal network segmentation and access controls to minimize the impact of any potential SSRF exploitation.
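The analysis above describes the underlying defect (the demo request servlet forwarding requests to any URL when no Proxy Base URL is configured) and recommends logging and monitoring requests that reach GeoServer. The following script is an added example written for this page, not code from GeoServer or from the advisory: it triages access-log lines for calls to the TestWfsPost servlet and classifies the requested target the way a correctly configured Proxy Base URL check would, flagging targets on private, loopback, link-local or reserved addresses as internal. It assumes that the servlet receives its target in a form field named `url`, that a Proxy Base URL of `https://maps.example.org/geoserver` is the only legitimate prefix, and that the log lines (which are constructed for the example) show that field in the query string so an ordinary access log captures it; in a real deployment the field usually travels in the POST body, so request-body logging or a reverse proxy would be needed to see it.

```python
"""Defender-side triage of GeoServer access logs for TestWfsPost usage.

Assumptions (not taken from the advisory): the demo request servlet reads its
target from a form field named ``url``; the Proxy Base URL below is an assumed
configured value; SAMPLE_LOG is constructed sample data, not real traffic.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

PROXY_BASE_URL = "https://maps.example.org/geoserver"  # assumed configured value
DEMO_SERVLET = "/geoserver/TestWfsPost"                 # servlet named in the advisory

# Common-log-format line: client, identity, user, [timestamp], "METHOD path proto", status
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample access log (hypothetical client addresses and hosts).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jun/2025:14:30:01 +0000] "GET /geoserver/wfs?service=WFS&request=GetCapabilities HTTP/1.1" 200 5120
203.0.113.7 - - [10/Jun/2025:14:31:12 +0000] "POST /geoserver/TestWfsPost?url=https%3A%2F%2Fmaps.example.org%2Fgeoserver%2Fwfs HTTP/1.1" 200 880
203.0.113.7 - - [10/Jun/2025:14:31:40 +0000] "POST /geoserver/TestWfsPost?url=http%3A%2F%2F10.0.0.12%3A8080%2Fadmin HTTP/1.1" 200 412
203.0.113.7 - - [10/Jun/2025:14:32:05 +0000] "POST /geoserver/TestWfsPost?url=http%3A%2F%2F127.0.0.1%2F HTTP/1.1" 500 120
198.51.100.9 - - [10/Jun/2025:14:33:30 +0000] "POST /geoserver/TestWfsPost?url=http%3A%2F%2Fpartner.example.net%2Fwfs HTTP/1.1" 200 2048
"""


def is_internal_host(host):
    """True when the host is loopback, private, link-local or reserved address space."""
    if host is None:
        return False
    if host.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name; resolution is out of scope for log triage
    return addr.is_private or addr.is_loopback or addr.is_link_local or addr.is_reserved


def classify_target(target):
    """Apply the Proxy Base URL policy to one requested target URL.

    'allowed'    - target sits under the configured Proxy Base URL
    'internal'   - target host is in private/loopback/link-local/reserved space
    'external'   - any other http(s) destination (still outside policy)
    'bad-scheme' - not http or https at all
    """
    parsed = urlparse(target)
    if parsed.scheme not in ("http", "https"):
        return "bad-scheme"
    if target.startswith(PROXY_BASE_URL):
        return "allowed"
    if is_internal_host(parsed.hostname):
        return "internal"
    return "external"


def scan_log(text):
    """Return (client, target, verdict) for every request to the demo servlet."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        request = urlparse(m.group("path"))
        if request.path != DEMO_SERVLET:
            continue
        target = parse_qs(request.query).get("url", [None])[0]
        verdict = classify_target(target) if target else "missing-url"
        findings.append((m.group("client"), target, verdict))
    return findings


if __name__ == "__main__":
    for client, target, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:10} {client:15} {target}")
```

Anything other than `allowed` is worth a look: `internal` verdicts are the SSRF pattern the advisory warns about, and a run of them from one client is a strong signal. The same `classify_target` policy, placed in front of outbound requests, is what the Proxy Base URL setting provides once it is configured.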


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2024-03-18T17:07:00.095Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68487f561b0bd07c3938a482

Added to database: 6/10/2025, 6:54:14 PM

Last enriched: 7/11/2025, 3:20:29 AM

Last updated: 8/15/2025, 1:53:04 PM

