CVE-2024-23643

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-23643
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23643.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-23643
Aliases
Related
Published
2024-03-20T18:15:09Z
Modified
2025-09-19T14:57:17.317958Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator’s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default, and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue.

References

Affected packages

Git / github.com/geoserver/geoserver

Affected ranges

Type
GIT
Repo
https://github.com/geoserver/geoserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/geowebcache/geowebcache
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.7.2
0.8.3

1.*

1.0-RC0
1.0-RC1
1.0-alpha0
1.0-beta
1.0-beta0
1.0-beta1
1.0-beta2
1.0-beta3
1.10-M0
1.10-beta
1.11-beta
1.12-beta
1.13-beta
1.14-RC
1.15-M0
1.2.4
1.2.5_GS-2.1-RC3
1.24-RC
1.24.0
1.3-RC1
1.6.0-RC1
1.6.0-beta
1.7-beta
1.8-M0
1.8-beta
1.9-M0
1.9-beta2

gs-2.*

gs-2.1-RC1

pre-1.*

pre-1.2.3

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1386.0,
                "function_hash": "42998344771108785665986569415757111072"
            },
            "source": "https://github.com/geowebcache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
            "signature_version": "v1",
            "id": "CVE-2024-23643-12d241c6",
            "target": {
                "file": "geowebcache/rest/src/main/java/org/geowebcache/rest/service/FormService.java",
                "function": "makeModifiableParameters"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "digest": {
                "length": 243.0,
                "function_hash": "316786741444268532952782687935776717723"
            },
            "source": "https://github.com/geowebcache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
            "signature_version": "v1",
            "id": "CVE-2024-23643-2852d209",
            "target": {
                "file": "geowebcache/rest/src/main/java/org/geowebcache/rest/service/FormService.java",
                "function": "makeBboxHints"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "digest": {
                "length": 586.0,
                "function_hash": "65169380951516828534676053295034578259"
            },
            "source": "https://github.com/geowebcache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
            "signature_version": "v1",
            "id": "CVE-2024-23643-3ba2137a",
            "target": {
                "file": "geowebcache/rest/src/main/java/org/geowebcache/rest/service/FormService.java",
                "function": "makePullDown"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "digest": {
                "length": 194.0,
                "function_hash": "302559899331592193270305573697388929999"
            },
            "source": "https://github.com/geowebcache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
            "signature_version": "v1",
            "id": "CVE-2024-23643-60cb1afa",
            "target": {
                "file": "geowebcache/rest/src/main/java/org/geowebcache/rest/service/FormService.java",
                "function": "makeTextInput"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "digest": {
                "length": 274.0,
                "function_hash": "45387006254107262882320830035351828090"
            },
            "source": "https://github.com/geowebcache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
            "signature_version": "v1",
            "id": "CVE-2024-23643-8bed70d6",
            "target": {
                "file": "geowebcache/rest/src/main/java/org/geowebcache/rest/service/FormService.java",
                "function": "makeFormHeader"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9
            },
            "source": "https://github.com/geowebcache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
            "signature_version": "v1",
            "id": "CVE-2024-23643-8ed7b879",
            "target": {
                "file": "geowebcache/rest/src/test/java/org/geowebcache/rest/service/FormServiceTest.java"
            },
            "signature_type": "Line",
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9
            },
            "source": "https://github.com/geowebcache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
            "signature_version": "v1",
            "id": "CVE-2024-23643-92be4c03",
            "target": {
                "file": "geowebcache/rest/src/main/java/org/geowebcache/rest/service/FormService.java"
            },
            "signature_type": "Line",
            "deprecated": false
        },
        {
            "digest": {
                "length": 1835.0,
                "function_hash": "75079430735591282713494245771847391258"
            },
            "source": "https://github.com/geowebcache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
            "signature_version": "v1",
            "id": "CVE-2024-23643-d96b8ac1",
            "target": {
                "file": "geowebcache/rest/src/main/java/org/geowebcache/rest/service/FormService.java",
                "function": "makeKillallThreadsForm"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "digest": {
                "length": 3122.0,
                "function_hash": "28294691750523531300729948266107579800"
            },
            "source": "https://github.com/geowebcache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
            "signature_version": "v1",
            "id": "CVE-2024-23643-d972dc41",
            "target": {
                "file": "geowebcache/rest/src/main/java/org/geowebcache/rest/service/FormService.java",
                "function": "makeTaskList"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "digest": {
                "length": 424.0,
                "function_hash": "223811769229096538937125139316850142466"
            },
            "source": "https://github.com/geowebcache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
            "signature_version": "v1",
            "id": "CVE-2024-23643-f264362b",
            "target": {
                "file": "geowebcache/rest/src/main/java/org/geowebcache/rest/service/FormService.java",
                "function": "makeThreadKillForm"
            },
            "signature_type": "Function",
            "deprecated": false
        }
    ]
}