CVE-2024-34711

{"id": "CVE-2024-34711", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.9}]}, "published": "2025-06-10T15:15:22.710", "references": [{"url": "https://docs.geoserver.org/latest/en/user/production/config.html#production-config-external-entities", "source": "security-advisories@github.com"}, {"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-611"}, {"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default, GeoServer use PreventLocalEntityResolver class from GeoTools to filter out malicious URIs in XML entities before resolving them. The URI must match the regex (?i)(jar:file|http|vfs)[^?#;]*\\\\.xsd. But the regex leaves a chance for attackers to request to any HTTP server or limited file. Attacker can abuse this to scan internal networks and gain information about them then exploit further. GeoServer 2.25.0 and greater default to the use of ENTITY_RESOLUTION_ALLOWLIST and does not require you to provide a system property."}, {"lang": "es", "value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. Existe una vulnerabilidad de validaci\u00f3n de URI incorrecta que permite a un atacante no autorizado realizar un ataque de Entidades Externas XML (XEE) y enviar una solicitud GET a cualquier servidor HTTP. De forma predeterminada, GeoServer utiliza la clase PreventLocalEntityResolver de GeoTools para filtrar URI maliciosos en entidades XML antes de resolverlos. El URI debe coincidir con la expresi\u00f3n regular (?i)(jar:file|http|vfs)[^?#;]*\\\\.xsd. Sin embargo, la expresi\u00f3n regular permite a los atacantes realizar solicitudes a cualquier servidor HTTP o archivo limitado. Un atacante puede aprovechar esto para escanear redes internas, obtener informaci\u00f3n sobre ellas y luego explotarla. GeoServer 2.25.0 y versiones posteriores utilizan ENTITY_RESOLUTION_ALLOWLIST de forma predeterminada y no requieren que se proporcione una propiedad del sistema."}], "lastModified": "2025-06-12T16:06:39.330", "sourceIdentifier": "security-advisories@github.com"}