GeoServer GeoWebCache Version Disclosure Vulnerability

A vulnerability in GeoServer's GeoWebCache component allows for the unintentional exposure of sensitive server information, including version details and internal storage locations. This issue arises because the GeoWebCacheDispatcher does not adequately conceal potentially sensitive data from users, except for a hidden system property that, by default, reveals storage locations. The vulnerability is present in GeoServer versions 2.26.0 through 2.26.2 and prior to 2.25.6.

Impact

The vulnerability could lead to the unintentional disclosure of version information, which can be leveraged for targeted attacks. Additionally, it exposes internal configuration files and storage locations, which may reveal the system's temporary directory and indicate whether GeoServer is running on a Windows operating system. The home page also displays the approximate server start time and basic GeoWebCache usage statistics.

Reproduction

To reproduce this vulnerability, access the GeoWebCache home page within an embedded GeoServer instance. The version information and other sensitive details will be displayed, unless the user is logged in as an administrator.

Remediation

Users can upgrade to GeoServer versions 2.26.2 or 2.25.6, both of which address this vulnerability.