CVE-2024-38524 MEDIUM

CVE-2024-38524: GWC Home Page communicate version and revision information

Vendor: Geoserver
Product: geoserver
Weakness: CWE-200 · Info exposure
Published: June 10, 2025
Last update: June 10, 2025

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

GeoServer is an open source server that allows users to share and edit geospatial data. The method org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) performs no check to hide potentially sensitive information from users. The only exception is a hidden system property that hides the storage locations, and it defaults to showing them. This vulnerability is fixed in 2.26.2 and 2.25.6.

Key dates

02 Disclosure timeline

June 10, 2025: CVE published
June 10, 2025: Record updated