GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-08-24T22:45:48.502Z
Updated: 2024-08-02T18:24:54.685Z
Reserved: 2023-08-08T13:46:25.242Z
Link: CVE-2023-40017
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-24T23:15:09.097
Modified: 2023-08-30T17:48:12.503
Link: CVE-2023-40017
Redhat
No data.