{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T11:20:04.581","vulnerabilities":[{"cve":{"id":"CVE-2023-43795","sourceIdentifier":"security-advisories@github.com","published":"2023-10-25T18:17:32.180","lastModified":"2024-11-21T08:24:48.003","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."},{"lang":"es","value":"GeoServer es un servidor de software de código abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. La especificación del Servicio de procesamiento web (WPS) de OGC está diseñada para procesar información de cualquier servidor mediante solicitudes GET y POST. Esto presenta la oportunidad de falsificar solicitudes del lado del servidor. Esta vulnerabilidad ha sido parcheada en las versiones 2.22.5 y 2.23.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*","versionEndExcluding":"2.22.5","matchCriteriaId":"0BB82E9C-10E3-41B9-AA40-80D45DC3989F"},{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*","versionStartIncluding":"2.23.0","versionEndExcluding":"2.23.2","matchCriteriaId":"765C2F28-6A4F-42C4-AA52-D984D0F2F0A6"}]}]}],"references":[{"url":"https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}