From 4c34ef9f25c5bd28f065d4d99533471e0e805114 Mon Sep 17 00:00:00 2001 From: Serki Ashagre <132869385+LSerki@users.noreply.github.com> Date: Thu, 4 Jul 2024 13:54:44 +0800 Subject: [PATCH] GeoServer Urgent Advisory - 20240704002 (#845) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * SolarWinds Releases Patches for Access Rights Manager vulnerabilities - 20240219001 * Format markdown files * Format markdown files * Junos OS RCE Vulnerability - 20240226002 * Format markdown files * Windows Themes Spoofing Vulnerability - 20240308003 * Format markdown files * Windows Themes Spoofing Vulnerability - 20240308003 - edited * Akamai Kubernetes Vulnerability - 20240318002 * Format markdown files * CISA Releases Multiple Critical Infrastructure Related Advisories - 20240327001 * Format markdown files * PGAdmin Remote Code Execution Vulnerability - 20240408001 * Format markdown files * Update 20240408001-PGAdmin-Remote-Code-Execution-Vulnerability.md FIxing tables * Format markdown files * Palo Alto Networks PAN-OS Command Injection Vulnerability added to CISA Known Exploited Catalog - 20240415001 * Format markdown files * Palo Alto Networks PAN-OS Command Injection Vulnerability added to CISA Known Exploited Catalog - 20240415001 * Format markdown files * Update 20240415001-PaloAlto-Networks-PAN-OS-Command-Injection-Vulnerability-added-to-CISA-Known-Exploited-Catalog.md Added older versions updates and Zero day notes * Format markdown files * Google Chrome Multiple RCE Vulnerabilities - 20240418002 * Format markdown docs * Remove duplicate 20240415001-PaloAlto * Update 20240418002-Google-Chrome-Multiple-RCE-Vulnerabilities.md Reviewed and Approved * Format markdown docs * Libreswan Popular VPN Software Vulnerability - 20240419004 * Format markdown docs * Update 20240419004-Libreswan-Popular-VPN-Software-Vulnerability.md Fix table * Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability - 20240422002 * Format markdown docs * Update 20240422002-Microsoft-Edge-Chromium-based-Security-Feature-Bypass-Vulnerability.md fix tables * Windows Kernel Elevation of Privilege Vulnerability - 20240429001 * Format markdown docs * Update 20240429001-Windows-Kernel-Elevation-of-Privilege-Vulnerability.md fixing table * Acrobat Reader Vulnerability - 20240503003 * Format markdown docs * Google Chrome Arbitrary Code Execution Multiple Vulnerabilities - 20240509001 * Format markdown docs * Update 20240509001-Google-Chrome-Arbitrary-Code-Execution-Multiple-Vulnerabilities.md Fix table * Microsoft Edge (Chromium-based) Spoofing Vulnerability - 20240513003 * Format markdown docs * Update 20240513003-Microsoft-Edge-Chromium-based-Spoofing-Vulnerability.md Fix table * Cacti Command Injection and XSS Vulnerabilities - 20240516004 * Format markdown docs * Ivanti EPMM Vulnerability - 20240523002 * Format markdown docs * Ivanti EPMM Vulnerability - 20240523002 * Ivanti EPMM Vulnerability - 20240523002 * Ivanti Endpoint Manager GetRulesetsSQL SQL Injection RCE Vulnerability - 20240527003 * Format markdown docs * Update 20240527003-Ivanti-Endpoint-Manager-GetRulesetsSQL-SQL-Injection-RCE-Vulnerability.md Reduce size of title * WordPress Plugin Vulnerabilities - 20240626003 * Format markdown docs * GeoServer Urgent Advisory - 20240704002 * Format markdown docs --------- Co-authored-by: GitHub Actions Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com> Co-authored-by: LSerki Co-authored-by: DGovEnterprise --- .../20240704002-GeoServer-Urgent-Advisory.md | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 docs/advisories/20240704002-GeoServer-Urgent-Advisory.md diff --git a/docs/advisories/20240704002-GeoServer-Urgent-Advisory.md b/docs/advisories/20240704002-GeoServer-Urgent-Advisory.md new file mode 100644 index 00000000..b1900a83 --- /dev/null +++ b/docs/advisories/20240704002-GeoServer-Urgent-Advisory.md @@ -0,0 +1,20 @@ +# GeoServer Urgent Advisory - 20240704002 + +## Overview + +A severe security flaw has been discovered in GeoServer. This vulnerability could potentially allow attackers to execute arbitrary code on affected servers, putting sensitive mapping and location data at risk. + +## What is vulnerable? + +| Products Affected. | CVE | CVSS | Severity | +| ----------------------------------------- | ----------------------------------------------------------------- | ---- | ------------ | +| **GeoServer: All versions before 2.25.2** | [CVE-2024-36401](https://nvd.nist.gov/vuln/detail/CVE-2024-36401) | 9.8 | **Critical** | +| **GeoServer: All versions before 2.25.2** | [CVE-2024-24749](https://nvd.nist.gov/vuln/detail/CVE-2024-24749) | 7.5 | **High** | +| **GeoServer: All versions before 2.25.2** | [CVE-2024-34696](https://nvd.nist.gov/vuln/detail/CVE-2024-34696) | 4.9 | **Medium** | +| **GeoServer: All versions before 2.25.2** | [CVE-2024-35230](https://nvd.nist.gov/vuln/detail/CVE-2024-35230) | TBD | **TBD** | + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer [Patch Management](../guidelines/patch-management.md)): + +- https://geoserver.org/announcements/vulnerability/2024/06/18/geoserver-2-25-2-released.html