GeoServer SSRF (CVE-2021-40822) - Vulnerability Database

GeoServer SSRF (CVE-2021-40822)

Description

GeoServer releases before the patched versions listed under Remediation contain a Server-Side Request Forgery (SSRF) vulnerability in the proxy host configuration feature that is reachable by unauthenticated attackers. By abusing this flaw, an attacker can make the GeoServer instance issue arbitrary HTTP requests to internal network resources that are not directly reachable from the internet, effectively turning the server into a proxy that bypasses network security controls.

Remediation

Apply the following remediation steps in order of priority:

1. Immediate Action:
• Upgrade GeoServer to version 2.19.3, 2.18.5, or 2.17.7 or later, which contain patches for CVE-2021-40822
• Review the GeoServer security advisories at https://geoserver.org/announcements/vulnerability/ for the latest patch information

2. Temporary Mitigation (if immediate patching is not possible):
• Restrict network access to GeoServer administrative interfaces using firewall rules or access control lists
• Implement network segmentation to limit GeoServer's ability to reach sensitive internal resources
• Monitor GeoServer logs for suspicious proxy configuration changes or unusual outbound connection attempts

3. Post-Remediation:
• Verify the patch installation by testing that proxy host configuration no longer allows arbitrary internal requests
• Review access logs for any evidence of exploitation prior to patching
• Consider implementing egress filtering to restrict outbound connections from the GeoServer instance
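The following Python script is an added example supporting the remediation steps above; it is not Invicti's or the GeoServer project's code. It does two things: it checks an installed GeoServer version string against the fixed releases named in step 1 (assuming, as the advisory's "or later" implies, that branches newer than 2.19 carry the fix and that branches older than 2.17 never received it), and it scans a log of server-initiated outbound requests for destinations in loopback, private, link-local or unique-local address space, which is the kind of "unusual outbound connection attempt" step 2 asks you to monitor for. The log format and the sample lines are constructed for the example; a real deployment would feed it from an egress proxy or its own request logging.

```python
"""Helpers for the CVE-2021-40822 remediation steps (added example, not GeoServer or Invicti code)."""
import ipaddress
import re
from typing import List, Tuple
from urllib.parse import urlsplit

# Fixed releases named in the advisory, keyed by maintenance branch.
FIXED_VERSIONS = {
    (2, 17): (2, 17, 7),
    (2, 18): (2, 18, 5),
    (2, 19): (2, 19, 3),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' (an optional suffix such as '-SNAPSHOT' is ignored)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:[-.].*)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised GeoServer version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_fixed(version: str) -> bool:
    """True if the installed version carries the CVE-2021-40822 fix.

    A branch listed in FIXED_VERSIONS is fixed from its patched release onwards.
    Assumption: branches newer than 2.19 (2.20+) were cut after the fix and
    inherit it; branches older than 2.17 were unmaintained and never received it.
    """
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_VERSIONS:
        return v >= FIXED_VERSIONS[branch]
    return branch > max(FIXED_VERSIONS)


# Constructed sample of server-initiated outbound requests in a hypothetical
# "<timestamp> <method> <url>" format. Neither the format nor the entries come
# from GeoServer; substitute your egress proxy's or application's real log.
SAMPLE_OUTBOUND_LOG = """\
2021-09-20T10:01:02Z GET https://tiles.example.org/wms?service=WMS&request=GetCapabilities
2021-09-20T10:01:05Z GET http://169.254.169.254/
2021-09-20T10:01:09Z GET http://10.0.3.15:8080/
2021-09-20T10:01:11Z POST http://127.0.0.1:8080/
2021-09-20T10:01:14Z GET http://[fd00::1]/
2021-09-20T10:01:20Z GET https://93.184.216.34/data.json
"""


def destination_is_internal(url: str) -> bool:
    """Flag URLs whose literal host is not a globally routable address.

    Covers loopback, RFC 1918, link-local and IPv6 unique-local ranges. Only IP
    literals and 'localhost' are judged here; a hostname that resolves to an
    internal address has to be caught at egress (resolver or firewall), which is
    why the advisory also recommends egress filtering rather than log review alone.
    """
    host = urlsplit(url).hostname
    if host is None:
        return True  # unparseable destination: treat as suspicious
    if host == "localhost":
        return True
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # plain hostname: cannot judge from the literal alone


def flag_internal_requests(log_text: str) -> List[str]:
    """Return the log lines whose destination points into internal address space."""
    flagged = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue  # skip malformed lines rather than aborting the scan
        _timestamp, _method, url = parts
        if destination_is_internal(url):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    for v in ("2.19.2", "2.19.3", "2.18.5", "2.16.2", "2.20.1"):
        print(f"GeoServer {v}: {'fixed' if is_fixed(v) else 'VULNERABLE'}")
    for line in flag_internal_requests(SAMPLE_OUTBOUND_LOG):
        print("internal destination:", line)
```

Run against the constructed sample, the scan flags the four requests to 169.254.169.254, 10.0.3.15, 127.0.0.1 and fd00::1 and leaves the two public destinations alone. The version check deliberately compares within a branch, since 2.18.5 is fixed while the numerically larger 2.19.2 is not; a plain "is the version at least 2.19.3" test would misjudge patched 2.17 and 2.18 installs.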

Related Vulnerabilities