
CVE-2021-40822: GeoServer allows SSRF via the option for setting a proxy host

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.99639%
Published: 5/3/2022
Updated: 2/1/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
org.geoserver:gs-main | maven | <= 2.18.5 | (none listed)
org.geoserver:gs-main | maven | >= 2.19.0, <= 2.19.2 | (none listed)

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper validation of proxy host configurations. GeoServer's security subsystem handles proxy settings through components like ProxyAuthentication and SecurityManager. The high-confidence entry point is in ProxyAuthenticator.configure where proxy parameters are applied to HTTP clients. The medium-confidence entry in SecurityManager relates to persistence of potentially tainted configuration data. While exact code references are unavailable, these components align with the SSRF pattern described and GeoServer's security architecture.


WAF Protection Rules

WAF Rule

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
