US government warns of possible security issue with popular geospatial data platform

A computer being guarded by cybersecurity.

(Image credit: iStock)

The US government has warned its agencies of critical software vulnerabilities being exploited in a top geospatial data platform.

Found by security researcher Steve Ikeoka, the flaws affect the OSGeo GeoServer GeoTools, an open source software server used to share and edit geospatial data.

The US Cybersecurity and Infrastructure Security Agency (CISA) added a new vulnerability, tracked as CVE-2024-36401, and carrying a severity score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalog, which means it is being abused by threat actors, and urged them to apply the patch by August 5, 2024.

Remote Code Execution

By custom-tailoring specific inputs, threat actors can abuse the flaws in the software to trigger remote code execution (RCE), it was said.

"Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions," OSGeo said in a security advisory published with the patch.

The patched versions are 2.23.6, 2.24.4, and 2.25.2, and CISA has given federal agencies until August 5 to update the software or stop using it.

The warning does not state who the threat actors are, nor who the victims are. GeoServer said the flaw is "confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests."

The nature of open-source projects make it impossible to determine how many people might be affected, but we do know that OSGeo, GeoServer, and GeoTools have a large and active user base. The tools are widely used in various industries, including government, academia, and private sector, for geospatial data management, analysis, and visualization. The vibrant communities, frequent contributions, and widespread adoption by prominent organizations all point to their significant and growing usage.

Via TheHackerNews

More from TechRadar Pro

Most codebases contain a huge amount of open source vulnerabilities
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.