GeoNetwork
cpe:2.3:a:osgeo:geonetwork:*:*:*:*:*:*:*
- >= 3.10, <= 4.2.0
An XML external entity (XXE) vulnerability has been identified in GeoNetwork versions 3.10 and later, prior to 4.2.0. This vulnerability arises during PDF rendering, where an insecure XML parser allows attackers to retrieve arbitrary files from the server. Exploitation involves crafting a malicious XML document with external entity references, which can be used to read system files via the baseURL parameter in PDF creation requests.
Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server.
To reproduce this vulnerability, send a POST request to the '/geonetwork/pdf/create.json' endpoint. Include a JSON payload that specifies the 'baseURL' parameter with a URL pointing to an XML file controlled by the attacker. The XML file should be crafted to include external entity references that, when processed by the XML parser, retrieve sensitive files from the server and expose them through the attacker's specified URL.
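A request filter for the endpoint and parameter described above, as an added example that is not GeoNetwork's code or part of the original advisory: it rejects PDF creation requests whose `baseURL` points outside an allowlisted origin. The host `catalog.example.org`, the function names, and the choice to look for a `baseURL` key at any depth of the JSON body are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

PDF_CREATE_PATH = "/geonetwork/pdf/create.json"  # endpoint named in the advisory
# Assumption: the one origin print requests may reference (hypothetical host).
ALLOWED_ORIGINS = {("https", "catalog.example.org", 443)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def find_base_urls(node):
    """Yield every value stored under a 'baseURL' key, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key.lower() == "baseurl":
                yield value
            yield from find_base_urls(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_base_urls(item)


def origin_of(value):
    """Return (scheme, host, port) for a URL string, or None if unusable."""
    if not isinstance(value, str):
        return None
    try:
        url = urlsplit(value.strip())
        port = url.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if url.username or url.password or not url.hostname:
        return None  # userinfo tricks and host-less schemes such as file:
    scheme = url.scheme.lower()
    return scheme, url.hostname.lower().rstrip("."), port or DEFAULT_PORTS.get(scheme)


def check_pdf_create(method, path, body, allowed=ALLOWED_ORIGINS):
    """Return (allow, reason) for one request seen at a reverse proxy."""
    target = path.split("?", 1)[0].split(";", 1)[0]
    if method.upper() != "POST" or target != PDF_CREATE_PATH:
        return True, "not a PDF creation request"
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return False, "body is not valid JSON"
    for value in find_base_urls(doc):
        if origin_of(value) not in allowed:
            return False, f"baseURL {value!r} is outside the allowlist"
    return True, "every baseURL is allowlisted"
```

This is a compensating control in front of the application; it does not change how the XML parser handles external entities.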