What is CVE-2023-40017?

CVE-2023-40017 is a vulnerability in GeoNode that allows server-side request forgery, potentially enabling an attacker to port scan internal hosts and request internal resources.

GeoNode is an open source platform for creating, sharing, and collaborating on geospatial data.

What versions of GeoNode are affected by CVE-2023-40017?

Versions 3.2.0 through 4.1.2 of GeoNode are affected by CVE-2023-40017.

How severe is CVE-2023-40017?

CVE-2023-40017 has a severity rating of high (7.5).

How can I fix CVE-2023-40017?

To fix CVE-2023-40017, it is recommended to update GeoNode to a version that includes the fix or apply the necessary patch provided by the product vendor.

Vulnerability/
CVE-2023-40017

high

7.5

CWE

918

24/8/2023

2/10/2024

CVE-2023-40017: Geonode Server Side Request Forgery vulnerability

First published: Thu Aug 24 2023(Updated: )

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9.

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
Geosolutionsgroup Geonode	>=3.2.0<=4.1.2

Remedy

https://github.com/GeoNode/geonode/commit/a9eebae80cb362009660a1fd49e105e7cdb499b9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-40017?
CVE-2023-40017 is a vulnerability in GeoNode that allows server-side request forgery, potentially enabling an attacker to port scan internal hosts and request internal resources.
What is GeoNode?
GeoNode is an open source platform for creating, sharing, and collaborating on geospatial data.
What versions of GeoNode are affected by CVE-2023-40017?
Versions 3.2.0 through 4.1.2 of GeoNode are affected by CVE-2023-40017.
How severe is CVE-2023-40017?
CVE-2023-40017 has a severity rating of high (7.5).
How can I fix CVE-2023-40017?
To fix CVE-2023-40017, it is recommended to update GeoNode to a version that includes the fix or apply the necessary patch provided by the product vendor.

collector/nvd-api
collector/nvd-index
agent/author
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/last-modified-date
agent/title
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/tags
vendor/geosolutionsgroup
canonical/geosolutionsgroup geonode
version/geosolutionsgroup geonode/3.2.0
version/geosolutionsgroup geonode/4.1.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.