GeoServer WMS SSRF (CVE-2023-43795)
Description
GeoServer's WMS implementation accepts a remote style document through the sld=<url> parameter of GetMap, GetFeatureInfo and GetLegendGraphic requests and fetches that URL server-side without restricting the destination. Because WMS is reachable without authentication in a default deployment, an unauthenticated remote attacker can make the server issue HTTP requests on their behalf (Server-Side Request Forgery, CVE-2023-43795). The attacker can use this to probe and interact with hosts that are only reachable from the server's network position: internal services, administrative interfaces, and cloud instance metadata endpoints such as 169.254.169.254, where credentials and configuration are commonly exposed.
Remediation
Apply security updates immediately by upgrading GeoServer to a patched version:
1. Upgrade to GeoServer 2.23.3, 2.22.5, or later on your release branch. The fix restricts which remote URLs the server will fetch, so after upgrading confirm in the admin console (Security section, URL Checks) that the checks are enabled
2. If immediate patching is not possible, restrict outbound connections from the GeoServer host or container at the network level, allow-listing only the backends it legitimately needs (databases, tile caches, cascaded WMS/WFS services)
3. Configure firewall rules (host-based, matched on the GeoServer process owner, or at the security-group or network-policy level) that block the GeoServer process from reaching internal network ranges it does not need (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, plus loopback and link-local) and cloud metadata endpoints (169.254.169.254). Where the cloud provider supports it, also require the session-token variant of the metadata service (for example AWS IMDSv2): a GET-only SSRF through a URL parameter cannot perform the PUT-with-header token handshake
4. Review access logs for WMS GetMap, GetFeatureInfo and GetLegendGraphic requests whose sld parameter points at a private, loopback, link-local or metadata address, and review network and DNS logs for connections from the GeoServer host to destinations it does not normally contact
5. Consider Web Application Firewall (WAF) rules that reject WMS requests whose sld parameter targets such addresses. Treat this as a supplementary control: literal-IP deny-lists are bypassed by attacker-controlled hostnames that resolve to internal addresses and by alternative IP encodings, so the network-level egress restriction remains the primary mitigation until the upgrade is done
Consult the GeoServer security advisory for version-specific upgrade instructions and additional mitigation guidance.
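The log-review and WAF items in the remediation list reduce to one check: does a WMS request carry a URL-valued parameter that points at an internal address? The script below is an added example, not part of this advisory or of the GeoServer project. It scans constructed access-log lines (combined log format is assumed) for WMS requests whose sld parameter targets RFC 1918, loopback or link-local ranges (including the 169.254.169.254 metadata address), and it also recognises a loopback address written as a bare integer or hex literal, which a plain string match on "127.0.0.1" would miss. The sample lines, client addresses and helper names are constructed for the example.

```python
"""Added example: flag GeoServer WMS requests whose sld parameter points at an
internal or cloud-metadata address.  Runs offline on constructed log lines."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Destinations GeoServer has no business fetching a style document from.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "169.254.0.0/16",                                   # link-local, incl. 169.254.169.254 metadata
    "127.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10",  # loopback, IPv6 private and link-local
)]

# WMS parameter that takes a remote style URL (WMS parameter names are case-insensitive).
URL_PARAMS = {"sld"}

# Request line inside a combined-format entry: "GET /geoserver/wms?... HTTP/1.1" (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')


def parse_ip_literal(host):
    """Return an ip_address for a literal host, or None if it is a hostname.

    Besides dotted-quad and IPv6 literals, this accepts the bare-integer and hex
    forms ("2130706433", "0x7f000001" for 127.0.0.1) that a string deny-list
    of "127.0.0.1" would miss.
    """
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.ip_address(int(host, 0))
    except (ValueError, OverflowError):
        return None


def classify_target(url):
    """Classify a URL's host as 'internal', 'external', 'unresolved_host' or 'malformed'."""
    host = urlsplit(url).hostname   # lower-cased; IPv6 brackets already stripped
    if not host:
        return "malformed"
    ip = parse_ip_literal(host)
    if ip is None:
        return "unresolved_host"    # a DNS name: must be resolved before it can be cleared
    return "internal" if any(ip in net for net in BLOCKED_NETWORKS) else "external"


def remote_urls(request_target):
    """Return (parameter, url) pairs for URL-valued WMS parameters in a request path."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=False)
    return [(k, v) for k, vals in query.items() if k.lower() in URL_PARAMS for v in vals]


def scan_log(lines):
    """Return a finding dict for every WMS request whose remote URL is not plainly external."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        if "/wms" not in urlsplit(target).path.lower():
            continue
        for param, url in remote_urls(target):
            verdict = classify_target(url)
            if verdict != "external":
                findings.append({"client": line.split(" ", 1)[0], "param": param,
                                 "url": url, "verdict": verdict})
    return findings


# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = [
    # benign GetMap with no remote style
    '203.0.113.7 - - [10/Oct/2023:12:00:01 +0000] "GET /geoserver/wms?SERVICE=WMS&REQUEST=GetMap&LAYERS=topp:states&STYLES=&FORMAT=image/png&WIDTH=256&HEIGHT=256&SRS=EPSG:4326&BBOX=-180,-90,180,90 HTTP/1.1" 200 5120',
    # remote SLD aimed at the cloud metadata service
    '198.51.100.23 - - [10/Oct/2023:12:00:02 +0000] "GET /geoserver/wms?SERVICE=WMS&REQUEST=GetMap&LAYERS=topp:states&SLD=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F&FORMAT=image/png&WIDTH=1&HEIGHT=1&SRS=EPSG:4326&BBOX=0,0,1,1 HTTP/1.1" 500 812',
    # remote SLD aimed at an RFC 1918 host, lower-case parameter names
    '198.51.100.23 - - [10/Oct/2023:12:00:03 +0000] "GET /geoserver/wms?service=WMS&request=GetFeatureInfo&layers=topp:states&query_layers=topp:states&sld=http%3A%2F%2F10.0.0.5%3A8080%2Fmanager%2F&x=1&y=1&width=1&height=1&srs=EPSG:4326&bbox=0,0,1,1 HTTP/1.1" 500 812',
    # loopback written as a decimal integer to dodge a naive string deny-list
    '198.51.100.23 - - [10/Oct/2023:12:00:04 +0000] "GET /geoserver/wms?SERVICE=WMS&REQUEST=GetLegendGraphic&LAYER=topp:states&SLD=http%3A%2F%2F2130706433%3A8080%2F&FORMAT=image/png HTTP/1.1" 500 812',
    # remote SLD on a public hostname: not provably internal, reported for DNS review
    '203.0.113.9 - - [10/Oct/2023:12:00:05 +0000] "GET /geoserver/wms?SERVICE=WMS&REQUEST=GetMap&LAYERS=topp:states&SLD=https%3A%2F%2Fstyles.example.org%2Fstates.sld&FORMAT=image/png&WIDTH=256&HEIGHT=256&SRS=EPSG:4326&BBOX=-180,-90,180,90 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['client']:<15} {f['verdict']:<16} {f['param']}={f['url']}")
```

Hostnames that are not IP literals are reported as unresolved_host rather than cleared: a WAF or log scanner that only inspects literal addresses is bypassed by an attacker-controlled DNS name that resolves to an internal address (and by rebinding between check and fetch), so either resolve those names before clearing them or rely on the egress firewall rule, which is enforced on the connection GeoServer actually opens.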