Information disclosure in geoserver - CVE-2024-34696


Published: July 1, 2024 / Updated: May 5, 2026


Vulnerability identifier: #VU129744
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-34696
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: geoserver
Software vendor: geoserver

Description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to exposure of sensitive information in the Server Status page and REST API endpoint when handling status requests. A remote privileged user can access the status message to disclose sensitive information.

User interaction is required, and the precise scope depends on the deployment environment and configuration.


Remediation

Install the security update from the vendor's website.

External links