CVE-2021-40822 Information
Jun 07, 2022
cve
Description
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://github.com/geoserver/geoserver/releases https://github.com/geoserver/geoserver/compare/2.19.2…2.19.3 https://osgeo-org.atlassian.net/browse/GEOS-10229 https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
7.5
Share on: