CVE-2023-43795

8.6 HIGH

📋 TL;DR

This vulnerability in GeoServer's OGC Web Processing Service (WPS) allows Server-Side Request Forgery (SSRF), enabling attackers to make unauthorized requests from the server to internal or external systems. It affects all GeoServer installations with WPS enabled. Organizations using vulnerable GeoServer versions for geospatial data sharing are at risk.

💻 Affected Systems

Products:
  • GeoServer
Versions: All releases before 2.22.5 (2.22 branch) and before 2.23.2 (2.23 branch)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WPS service to be enabled (enabled by default in many configurations).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the internal network via SSRF to access sensitive internal services, data exfiltration, or lateral movement.

🟠 Likely Case: Unauthorized access to internal services, data leakage, or denial of service through resource exhaustion.

🟢 If Mitigated: Limited impact if network segmentation restricts internal access and WPS is disabled or properly configured.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities typically have low exploitation complexity when unauthenticated access is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.22.5 or 2.23.2

Vendor Advisory: https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956

Restart Required: Yes

Instructions:

1. Download GeoServer 2.22.5 or 2.23.2 from official sources.
2. Back up the current installation.
3. Replace it with the patched version.
4. Restart the GeoServer service.

🔧 Temporary Workarounds

Disable WPS Service (applies to: all)

Completely disable the Web Processing Service if it is not required.
How: edit web.xml to remove the WPS servlet mapping, or set wps.enabled=false in the configuration.

Network Segmentation (applies to: all)

Restrict GeoServer's network access to prevent SSRF to sensitive systems.
How: configure firewall rules to limit outbound connections from GeoServer.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate GeoServer from sensitive internal systems
  • Deploy web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check the GeoServer version and whether WPS is enabled in the configuration.

Check Version:

Check WEB-INF/version.txt or use the admin interface at /geoserver/web/.

Verify Fix Applied:

Confirm version is 2.22.5 or 2.23.2 via admin interface or version file.
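The version test above is easy to get wrong by hand because the fix landed on two maintenance branches at once. The script below is an added example (not part of this advisory or of GeoServer) that encodes the affected range exactly as stated here: everything before 2.22.5, plus 2.23.0 and 2.23.1. It assumes that branches newer than 2.23 already contain the fix, and it assumes WEB-INF/version.txt is a simple "key = value" file with a "version = 2.x.y" line; both are assumptions, not facts from the advisory.

```python
"""Added example: classify a GeoServer version against the range this
advisory lists as affected (before 2.22.5; 2.23.x before 2.23.2).
Assumption: 2.24 and later branches ship with the fix, since the advisory
names 2.22.5 and 2.23.2 as the patched releases."""
import re

# Patched release per maintenance branch, taken from the advisory.
FIXED = {(2, 22): (2, 22, 5), (2, 23): (2, 23, 2)}


def parse_version(v: str) -> tuple:
    """Turn '2.23.1' (optionally with a suffix like '-SNAPSHOT') into (2, 23, 1)."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unrecognised GeoServer version: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(v: str) -> bool:
    major, minor, patch = parse_version(v)
    branch = (major, minor)
    if branch < (2, 22):
        return True  # every release before the 2.22 branch predates the fix
    if branch in FIXED:
        return (major, minor, patch) < FIXED[branch]
    return False  # assumption: 2.24 and later already include the fix


# Assumed layout of WEB-INF/version.txt: 'key = value' lines, one of them 'version = 2.x.y'.
VERSION_LINE = re.compile(r"^\s*version\s*[=:]\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def version_from_version_txt(text: str) -> str:
    m = VERSION_LINE.search(text)
    if not m:
        raise ValueError("no 'version = ...' line found in version.txt")
    return m.group(1)


def assess(version_txt: str) -> dict:
    """Read the release from a version.txt body and report whether it is affected."""
    v = version_from_version_txt(version_txt)
    return {"version": v, "vulnerable": is_vulnerable(v)}


if __name__ == "__main__":
    # Constructed sample of a version.txt body, not taken from a real install.
    sample = "version = 2.23.1\nbuild date = 01-Jan-2000\n"
    print(assess(sample))
```

Run it against the contents of WEB-INF/version.txt on each host; a result of vulnerable=True means the install is on an affected release and the WPS-enabled check still applies.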

📡 Detection & Monitoring

Log Indicators:

  • Unusual WPS request patterns
  • Requests to internal IP addresses from GeoServer logs

Network Indicators:

  • GeoServer making unexpected outbound connections to internal services

SIEM Query (pseudo-syntax; replace internal_ranges with your own internal address ranges):

source="geoserver" AND (uri="*wps*" OR method="POST") AND dest_ip IN (internal_ranges)
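To show what that rule matches in practice, here is an added example (not from the advisory and not GeoServer code) that applies the same predicate to constructed data: a few access-log lines in Combined Log Format, as a Jetty or Tomcat front end would write them, and a few outbound-connection records as a flow collector might export them. The log layout, the record shape, and the sample addresses are all assumptions made for the sample; the field names (uri, method, dest_ip) follow the rule above.

```python
"""Added example: apply the advisory's SIEM rule to constructed GeoServer
access-log lines and outbound-connection records.
Both inputs below are constructed samples, not real captures."""
import ipaddress
import re

# Constructed access-log lines (assumed Combined Log Format from the servlet container).
ACCESS_LOG = """\
10.0.5.9 - - [01/Jan/2000:10:00:00 +0000] "GET /geoserver/wms?SERVICE=WMS&REQUEST=GetCapabilities HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2000:10:00:03 +0000] "POST /geoserver/wps HTTP/1.1" 200 812
203.0.113.7 - - [01/Jan/2000:10:00:04 +0000] "GET /geoserver/ows?service=WPS&request=GetCapabilities HTTP/1.1" 200 301
10.0.5.9 - - [01/Jan/2000:10:00:09 +0000] "GET /geoserver/web/ HTTP/1.1" 200 9001
"""

# Constructed outbound-connection records with GeoServer (10.0.5.20) as the source.
OUTBOUND = [
    {"src_ip": "10.0.5.20", "dest_ip": "169.254.10.4", "dest_port": 80},
    {"src_ip": "10.0.5.20", "dest_ip": "10.0.1.15", "dest_port": 5432},
    {"src_ip": "10.0.5.20", "dest_ip": "198.51.100.4", "dest_port": 443},
]

# Stand-in for the rule's internal_ranges placeholder: private, loopback and link-local space.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

LOG_RE = re.compile(
    r'^(?P<src_ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \d+$')


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_RANGES)


def parse_access_log(text: str) -> list:
    """Parse each log line into a dict of fields; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def wps_requests(text: str) -> list:
    """Request-side half of the rule: uri contains 'wps' (any case) OR method is POST."""
    return [e for e in parse_access_log(text)
            if "wps" in e["uri"].lower() or e["method"] == "POST"]


def internal_egress(records: list) -> list:
    """Network-side half of the rule: GeoServer connecting to an internal destination."""
    return [r for r in records if is_internal(r["dest_ip"])]


def alerts(text: str, records: list) -> list:
    """Raise one alert per internal egress, attaching the WPS requests seen in the log,
    so an analyst can pair the outbound connection with the request that triggered it."""
    reqs = wps_requests(text)
    return [{"dest_ip": r["dest_ip"], "dest_port": r["dest_port"],
             "wps_requests": [(q["src_ip"], q["method"], q["uri"]) for q in reqs]}
            for r in internal_egress(records)]


if __name__ == "__main__":
    for a in alerts(ACCESS_LOG, OUTBOUND):
        print(a)
```

The two halves are deliberately separate functions: the request-side match alone is noisy on a server that legitimately serves WPS, and the egress match alone fires on ordinary database or cache traffic, so the alert is only worth paging on when both appear in the same window.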
