CVE-2023-42439

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-42439
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42439.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-42439
Aliases
Published
2023-09-15T21:15:11Z
Modified
2024-05-30T04:10:01.779451Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. An SSRF vulnerability exists starting in version 3.2.0 that bypasses the software's existing controls. It can allow a user to send requests to internal services for a full-read SSRF, returning any data from the internal network. The application uses a whitelist, but the whitelist can be bypassed: the bypass tricks the application into treating the first host in the URL as a whitelisted address, while the browser treats everything before @ (or %40) as credentials for the host geoserver on port 8080, so the data from that host is returned in the response. Version 4.1.3.post1 is the first available version that contains a patch.
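The bypass described above, as an added example (not GeoNode's code and not part of the original advisory): a hypothetical prefix-matching whitelist check accepts both the @ and %40 forms while the request actually goes to geoserver on port 8080, and a check on the parsed host rejects them. The whitelist entry maps.example.org, the sample URLs and all function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed whitelist for this example; not GeoNode's configuration.
ALLOWED_HOSTS = {"maps.example.org"}

# Constructed sample URLs: one legitimate, two using the @ / %40 forms.
LEGIT = "http://maps.example.org/wms?service=WMS"
BYPASS_AT = "http://maps.example.org@geoserver:8080/internal-path"
BYPASS_ENC = "http://maps.example.org%40geoserver:8080/internal-path"


def naive_is_allowed(url: str) -> bool:
    """Flawed check (hypothetical): matches the start of the URL string."""
    return any(url.startswith((f"http://{h}", f"https://{h}")) for h in ALLOWED_HOSTS)


def connect_target(url: str):
    """Host and port a client connects to once %40 has been decoded to @."""
    parts = urlsplit(unquote(url))
    return parts.hostname, parts.port


def strict_is_allowed(url: str) -> bool:
    """Allow only http(s) URLs whose parsed host is exactly on the whitelist."""
    try:
        parts = urlsplit(url)
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # Userinfo has no place in a proxied URL, and '%' in the authority can
    # hide an encoded '@' that a later decoding step turns into a delimiter.
    if "@" in parts.netloc or "%" in parts.netloc:
        return False
    return parts.hostname in ALLOWED_HOSTS


def compare(url: str):
    """Return (naive verdict, strict verdict, real connection target)."""
    return naive_is_allowed(url), strict_is_allowed(url), connect_target(url)


if __name__ == "__main__":
    for sample in (LEGIT, BYPASS_AT, BYPASS_ENC):
        print(sample, compare(sample))
```

The strict check validates the same parsed host that the fetch must then use; validating one representation of the URL and fetching another reintroduces the mismatch.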

References

Affected packages

Git / github.com/geonode/geonode

Affected ranges

Type
GIT
Repo
https://github.com/geonode/geonode
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0
1.0-RC1
1.0-RC2
1.0-RC3
1.0-RC4
1.0-beta
1.1
1.1-RC1
1.1-beta
1.1-beta2
1.1.1
1.2a1
1.2b1

2.*

2.0
2.0.0+beta8
2.0a6
2.0a7
2.0b1
2.0b10
2.0b11
2.0b12
2.0b13
2.0b14
2.0b15
2.0b16
2.0b18
2.0b19
2.0b21
2.0b22
2.0b24
2.0b25
2.0b26
2.0b27
2.0b28
2.0b29
2.0b30
2.0b31
2.0b32
2.0b33
2.0b34
2.0b35
2.0b36
2.0b37
2.0b38
2.0b39
2.0b40
2.0b41
2.0b42
2.0b43
2.0b44
2.0b45
2.0b46
2.0b47
2.0b48
2.0b49
2.0b5
2.0b50
2.0b51
2.0b52
2.0b53
2.0b54
2.0b57
2.0b58
2.0b59
2.0b6
2.0b60
2.0b61
2.0b62
2.0b63
2.0b64
2.0b7
2.0b8
2.0b9
2.0c1
2.0c10
2.0c12
2.0c13
2.0c2
2.0c3
2.0c4
2.0c5
2.0c6
2.0c7
2.0c8
2.10
2.10.3
2.10.4
2.10rc2
2.10rc4
2.10rc5
2.4
2.4.dev20141024171719
2.4a1
2.4a10
2.4a11
2.4a12
2.4a13
2.4a14
2.4a15
2.4a16
2.4a17
2.4a18
2.4a19
2.4a2
2.4a20
2.4a21
2.4a22
2.4a23
2.4a24
2.4a25
2.4a26
2.4a27
2.4a28
2.4a29
2.4a3
2.4a30
2.4a31
2.4a32
2.4a33
2.4a34
2.4a35
2.4a36
2.4a37
2.4a38
2.4a4
2.4a5
2.4a6
2.4a7
2.4a8
2.4a9
2.4b1
2.4b10
2.4b11
2.4b12
2.4b13
2.4b14
2.4b15
2.4b16
2.4b17
2.4b18
2.4b19
2.4b2
2.4b20
2.4b21
2.4b22
2.4b23
2.4b24
2.4b25
2.4b26
2.4b27
2.4b28
2.4b3
2.4b4
2.4b5
2.4b6
2.4b7
2.4b8
2.4b9
2.4c1
2.4c2
2.4c3
2.4c4
2.5.1
2.5.10
2.5.11
2.5.12
2.5.13
2.5.14
2.5.15
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.9
2.5.9+thefinal1
2.5.9+thefinal2
2.5.9+thefinal3
2.5.9+thefinal4
2.5.9+thefinal5
2.5.9.dev20170116091118
2.6
2.6.1
2.6a1
2.6b1
2.6c1
2.7.1.dev20171013111656
2.7.4.dev20171114153121
2.7.5.dev20180123112419
2.7.5.dev20180124154147
2.8rc10
2.8rc12

3.*

3.0

4.*

4.0.0
4.0.0post1
4.0.0rc0
4.0.0rc1

GeoNode-1.*

GeoNode-1.0

debian/2.*

debian/2.0.0+alpha0
debian/2.0.0+alpha4
debian/2.0.0+alpha6
debian/2.0.0+alpha7
debian/2.0.0+beta1
debian/2.0.0+beta10
debian/2.0.0+beta11
debian/2.0.0+beta12
debian/2.0.0+beta13
debian/2.0.0+beta15
debian/2.0.0+beta16
debian/2.0.0+beta18
debian/2.0.0+beta19
debian/2.0.0+beta21
debian/2.0.0+beta22
debian/2.0.0+beta24
debian/2.0.0+beta25
debian/2.0.0+beta26
debian/2.0.0+beta27
debian/2.0.0+beta28
debian/2.0.0+beta29
debian/2.0.0+beta30
debian/2.0.0+beta31
debian/2.0.0+beta32
debian/2.0.0+beta33
debian/2.0.0+beta34
debian/2.0.0+beta35
debian/2.0.0+beta36
debian/2.0.0+beta37
debian/2.0.0+beta38
debian/2.0.0+beta39
debian/2.0.0+beta40
debian/2.0.0+beta41
debian/2.0.0+beta42
debian/2.0.0+beta43
debian/2.0.0+beta44
debian/2.0.0+beta45
debian/2.0.0+beta46
debian/2.0.0+beta47
debian/2.0.0+beta48
debian/2.0.0+beta49
debian/2.0.0+beta5
debian/2.0.0+beta50
debian/2.0.0+beta51
debian/2.0.0+beta52
debian/2.0.0+beta53
debian/2.0.0+beta54
debian/2.0.0+beta57
debian/2.0.0+beta58
debian/2.0.0+beta59
debian/2.0.0+beta6
debian/2.0.0+beta60
debian/2.0.0+beta61
debian/2.0.0+beta62
debian/2.0.0+beta63
debian/2.0.0+beta64
debian/2.0.0+beta7
debian/2.0.0+beta9
debian/2.0.0+rc1
debian/2.0.0+rc10
debian/2.0.0+rc12
debian/2.0.0+rc13
debian/2.0.0+rc2
debian/2.0.0+rc3
debian/2.0.0+rc4
debian/2.0.0+rc5
debian/2.0.0+rc6
debian/2.0.0+rc7
debian/2.0.0+rc8
debian/2.0.0+thefinal0
debian/2.0.0+thefinal1
debian/2.0.0+thefinal2
debian/2.0.0+thefinal3
debian/2.0.0+thefinal4
debian/2.0.0+thefinal5
debian/2.0.0+thefinal6
debian/2.0.0+thefinal7
debian/2.0b54
debian/2.10.0+rc2
debian/2.10.0+rc4
debian/2.4.0+alpha1
debian/2.4.0+alpha10
debian/2.4.0+alpha11
debian/2.4.0+alpha12
debian/2.4.0+alpha13
debian/2.4.0+alpha14
debian/2.4.0+alpha15
debian/2.4.0+alpha16
debian/2.4.0+alpha17
debian/2.4.0+alpha18
debian/2.4.0+alpha19
debian/2.4.0+alpha2
debian/2.4.0+alpha20
debian/2.4.0+alpha21
debian/2.4.0+alpha22
debian/2.4.0+alpha23
debian/2.4.0+alpha24
debian/2.4.0+alpha25
debian/2.4.0+alpha26
debian/2.4.0+alpha27
debian/2.4.0+alpha28
debian/2.4.0+alpha29
debian/2.4.0+alpha3
debian/2.4.0+alpha30
debian/2.4.0+alpha31
debian/2.4.0+alpha32
debian/2.4.0+alpha33
debian/2.4.0+alpha34
debian/2.4.0+alpha35
debian/2.4.0+alpha36
debian/2.4.0+alpha37
debian/2.4.0+alpha38
debian/2.4.0+alpha4
debian/2.4.0+alpha5
debian/2.4.0+alpha6
debian/2.4.0+alpha7
debian/2.4.0+alpha8
debian/2.4.0+alpha9
debian/2.4.0+beta1
debian/2.4.0+beta10
debian/2.4.0+beta11
debian/2.4.0+beta12
debian/2.4.0+beta13
debian/2.4.0+beta14
debian/2.4.0+beta15
debian/2.4.0+beta16
debian/2.4.0+beta17
debian/2.4.0+beta18
debian/2.4.0+beta19
debian/2.4.0+beta2
debian/2.4.0+beta20
debian/2.4.0+beta21
debian/2.4.0+beta22
debian/2.4.0+beta23
debian/2.4.0+beta24
debian/2.4.0+beta25
debian/2.4.0+beta26
debian/2.4.0+beta27
debian/2.4.0+beta28
debian/2.4.0+beta3
debian/2.4.0+beta4
debian/2.4.0+beta5
debian/2.4.0+beta6
debian/2.4.0+beta7
debian/2.4.0+beta8
debian/2.4.0+beta9
debian/2.4.0+dev20141024171719
debian/2.4.0+rc1
debian/2.4.0+rc2
debian/2.4.0+rc3
debian/2.4.0+rc4
debian/2.4.0+thefinal0
debian/2.5.1+thefinal0
debian/2.5.10+thefinal0
debian/2.5.11+thefinal0
debian/2.5.12+thefinal0
debian/2.5.13+thefinal0
debian/2.5.14+thefinal0
debian/2.5.15+thefinal0
debian/2.5.2+thefinal0
debian/2.5.3+thefinal0
debian/2.5.4+thefinal0
debian/2.5.5+thefinal0
debian/2.5.6+thefinal0
debian/2.5.7+thefinal0
debian/2.5.9+dev20170116091118
debian/2.5.9+thefinal0
debian/2.5.9+thefinal1
debian/2.5.9+thefinal2
debian/2.5.9+thefinal3
debian/2.5.9+thefinal4
debian/2.5.9+thefinal5
debian/2.6.0+alpha1
debian/2.6.0+beta1
debian/2.6.0+rc1
debian/2.6.0+thefinal0
debian/2.6.1+thefinal0
debian/2.7.1+dev20171013111656
debian/2.7.4+dev20171114153121
debian/2.7.5+dev20180123112419
debian/2.7.5+dev20180124154147
debian/2.8.0+rc10
debian/2.8.0+rc12