CVE-2024-27091

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-27091
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27091.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-27091
Aliases
  • GHSA-rwcv-whm8-fmxm
Published
2024-03-27T13:15:47Z
Modified
2024-10-08T04:12:21.525789Z
Summary
[none]
Details

GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GeoNode where the current rich text editor is vulnerable to stored XSS. The application's cookies are set securely, but it is possible to retrieve a victim's CSRF token and issue a request to change another user's email address to perform a full account takeover. Because the script element does not impact the CORS policy, the requests will succeed. This vulnerability is fixed in 4.2.3.

References

Affected packages

Git / github.com/geonode/geonode

Affected ranges

Type
GIT
Repo
https://github.com/geonode/geonode
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0
1.0-RC1
1.0-RC2
1.0-RC3
1.0-RC4
1.0-beta
1.1
1.1-RC1
1.1-beta
1.1-beta2
1.1.1
1.2a1
1.2b1

2.*

2.0
2.0.0+beta8
2.0a6
2.0a7
2.0b1
2.0b10
2.0b11
2.0b12
2.0b13
2.0b14
2.0b15
2.0b16
2.0b18
2.0b19
2.0b21
2.0b22
2.0b24
2.0b25
2.0b26
2.0b27
2.0b28
2.0b29
2.0b30
2.0b31
2.0b32
2.0b33
2.0b34
2.0b35
2.0b36
2.0b37
2.0b38
2.0b39
2.0b40
2.0b41
2.0b42
2.0b43
2.0b44
2.0b45
2.0b46
2.0b47
2.0b48
2.0b49
2.0b5
2.0b50
2.0b51
2.0b52
2.0b53
2.0b54
2.0b57
2.0b58
2.0b59
2.0b6
2.0b60
2.0b61
2.0b62
2.0b63
2.0b64
2.0b7
2.0b8
2.0b9
2.0c1
2.0c10
2.0c12
2.0c13
2.0c2
2.0c3
2.0c4
2.0c5
2.0c6
2.0c7
2.0c8
2.10
2.10.3
2.10.4
2.10rc2
2.10rc4
2.10rc5
2.4
2.4.dev20141024171719
2.4a1
2.4a10
2.4a11
2.4a12
2.4a13
2.4a14
2.4a15
2.4a16
2.4a17
2.4a18
2.4a19
2.4a2
2.4a20
2.4a21
2.4a22
2.4a23
2.4a24
2.4a25
2.4a26
2.4a27
2.4a28
2.4a29
2.4a3
2.4a30
2.4a31
2.4a32
2.4a33
2.4a34
2.4a35
2.4a36
2.4a37
2.4a38
2.4a4
2.4a5
2.4a6
2.4a7
2.4a8
2.4a9
2.4b1
2.4b10
2.4b11
2.4b12
2.4b13
2.4b14
2.4b15
2.4b16
2.4b17
2.4b18
2.4b19
2.4b2
2.4b20
2.4b21
2.4b22
2.4b23
2.4b24
2.4b25
2.4b26
2.4b27
2.4b28
2.4b3
2.4b4
2.4b5
2.4b6
2.4b7
2.4b8
2.4b9
2.4c1
2.4c2
2.4c3
2.4c4
2.5.1
2.5.10
2.5.11
2.5.12
2.5.13
2.5.14
2.5.15
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.9
2.5.9+thefinal1
2.5.9+thefinal2
2.5.9+thefinal3
2.5.9+thefinal4
2.5.9+thefinal5
2.5.9.dev20170116091118
2.6
2.6.1
2.6a1
2.6b1
2.6c1
2.7.1.dev20171013111656
2.7.4.dev20171114153121
2.7.5.dev20180123112419
2.7.5.dev20180124154147
2.8rc10
2.8rc12

3.*

3.0

4.*

4.0.0
4.0.0post1
4.0.0rc0
4.0.0rc1
4.2.0
4.2.1
4.2.2

GeoNode-1.*

GeoNode-1.0

debian/2.*

debian/2.0.0+alpha0
debian/2.0.0+alpha4
debian/2.0.0+alpha6
debian/2.0.0+alpha7
debian/2.0.0+beta1
debian/2.0.0+beta10
debian/2.0.0+beta11
debian/2.0.0+beta12
debian/2.0.0+beta13
debian/2.0.0+beta15
debian/2.0.0+beta16
debian/2.0.0+beta18
debian/2.0.0+beta19
debian/2.0.0+beta21
debian/2.0.0+beta22
debian/2.0.0+beta24
debian/2.0.0+beta25
debian/2.0.0+beta26
debian/2.0.0+beta27
debian/2.0.0+beta28
debian/2.0.0+beta29
debian/2.0.0+beta30
debian/2.0.0+beta31
debian/2.0.0+beta32
debian/2.0.0+beta33
debian/2.0.0+beta34
debian/2.0.0+beta35
debian/2.0.0+beta36
debian/2.0.0+beta37
debian/2.0.0+beta38
debian/2.0.0+beta39
debian/2.0.0+beta40
debian/2.0.0+beta41
debian/2.0.0+beta42
debian/2.0.0+beta43
debian/2.0.0+beta44
debian/2.0.0+beta45
debian/2.0.0+beta46
debian/2.0.0+beta47
debian/2.0.0+beta48
debian/2.0.0+beta49
debian/2.0.0+beta5
debian/2.0.0+beta50
debian/2.0.0+beta51
debian/2.0.0+beta52
debian/2.0.0+beta53
debian/2.0.0+beta54
debian/2.0.0+beta57
debian/2.0.0+beta58
debian/2.0.0+beta59
debian/2.0.0+beta6
debian/2.0.0+beta60
debian/2.0.0+beta61
debian/2.0.0+beta62
debian/2.0.0+beta63
debian/2.0.0+beta64
debian/2.0.0+beta7
debian/2.0.0+beta9
debian/2.0.0+rc1
debian/2.0.0+rc10
debian/2.0.0+rc12
debian/2.0.0+rc13
debian/2.0.0+rc2
debian/2.0.0+rc3
debian/2.0.0+rc4
debian/2.0.0+rc5
debian/2.0.0+rc6
debian/2.0.0+rc7
debian/2.0.0+rc8
debian/2.0.0+thefinal0
debian/2.0.0+thefinal1
debian/2.0.0+thefinal2
debian/2.0.0+thefinal3
debian/2.0.0+thefinal4
debian/2.0.0+thefinal5
debian/2.0.0+thefinal6
debian/2.0.0+thefinal7
debian/2.0b54
debian/2.10.0+rc2
debian/2.10.0+rc4
debian/2.4.0+alpha1
debian/2.4.0+alpha10
debian/2.4.0+alpha11
debian/2.4.0+alpha12
debian/2.4.0+alpha13
debian/2.4.0+alpha14
debian/2.4.0+alpha15
debian/2.4.0+alpha16
debian/2.4.0+alpha17
debian/2.4.0+alpha18
debian/2.4.0+alpha19
debian/2.4.0+alpha2
debian/2.4.0+alpha20
debian/2.4.0+alpha21
debian/2.4.0+alpha22
debian/2.4.0+alpha23
debian/2.4.0+alpha24
debian/2.4.0+alpha25
debian/2.4.0+alpha26
debian/2.4.0+alpha27
debian/2.4.0+alpha28
debian/2.4.0+alpha29
debian/2.4.0+alpha3
debian/2.4.0+alpha30
debian/2.4.0+alpha31
debian/2.4.0+alpha32
debian/2.4.0+alpha33
debian/2.4.0+alpha34
debian/2.4.0+alpha35
debian/2.4.0+alpha36
debian/2.4.0+alpha37
debian/2.4.0+alpha38
debian/2.4.0+alpha4
debian/2.4.0+alpha5
debian/2.4.0+alpha6
debian/2.4.0+alpha7
debian/2.4.0+alpha8
debian/2.4.0+alpha9
debian/2.4.0+beta1
debian/2.4.0+beta10
debian/2.4.0+beta11
debian/2.4.0+beta12
debian/2.4.0+beta13
debian/2.4.0+beta14
debian/2.4.0+beta15
debian/2.4.0+beta16
debian/2.4.0+beta17
debian/2.4.0+beta18
debian/2.4.0+beta19
debian/2.4.0+beta2
debian/2.4.0+beta20
debian/2.4.0+beta21
debian/2.4.0+beta22
debian/2.4.0+beta23
debian/2.4.0+beta24
debian/2.4.0+beta25
debian/2.4.0+beta26
debian/2.4.0+beta27
debian/2.4.0+beta28
debian/2.4.0+beta3
debian/2.4.0+beta4
debian/2.4.0+beta5
debian/2.4.0+beta6
debian/2.4.0+beta7
debian/2.4.0+beta8
debian/2.4.0+beta9
debian/2.4.0+dev20141024171719
debian/2.4.0+rc1
debian/2.4.0+rc2
debian/2.4.0+rc3
debian/2.4.0+rc4
debian/2.4.0+thefinal0
debian/2.5.1+thefinal0
debian/2.5.10+thefinal0
debian/2.5.11+thefinal0
debian/2.5.12+thefinal0
debian/2.5.13+thefinal0
debian/2.5.14+thefinal0
debian/2.5.15+thefinal0
debian/2.5.2+thefinal0
debian/2.5.3+thefinal0
debian/2.5.4+thefinal0
debian/2.5.5+thefinal0
debian/2.5.6+thefinal0
debian/2.5.7+thefinal0
debian/2.5.9+dev20170116091118
debian/2.5.9+thefinal0
debian/2.5.9+thefinal1
debian/2.5.9+thefinal2
debian/2.5.9+thefinal3
debian/2.5.9+thefinal4
debian/2.5.9+thefinal5
debian/2.6.0+alpha1
debian/2.6.0+beta1
debian/2.6.0+rc1
debian/2.6.0+thefinal0
debian/2.6.1+thefinal0
debian/2.7.1+dev20171013111656
debian/2.7.4+dev20171114153121
debian/2.7.5+dev20180123112419
debian/2.7.5+dev20180124154147
debian/2.8.0+rc10
debian/2.8.0+rc12