GeoNode Server-Side Request Forgery Vulnerability in Service Registration Endpoint

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in GeoNode versions 4.0 prior to 4.4.5 and 5.0 prior to 5.0.2. The flaw is in the service registration endpoint: an authenticated attacker can submit a crafted service URL that makes the server issue an outbound network request to an arbitrary location. Exploitation relies on inadequate URL validation in the WMS service handler, which lets the attacker direct requests at internal targets such as loopback addresses, private IP ranges, link-local addresses, and cloud metadata services. The root cause is the absence of private-IP filtering and of allowlist enforcement during form validation.
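The two missing controls the advisory names, private-address filtering and allowlist enforcement, are shown below in a validator for a service-registration form. This is an added example written for this page, not GeoNode's code or the upstream fix; the function names, the `FAKE_DNS` table and the `fake_resolver` are constructed so the block runs offline, and the metadata host list is an assumed sample. The check also covers two cases a plain pattern match misses: a hostname that resolves to several addresses where only one is internal, and an IPv4-mapped IPv6 literal such as `::ffff:127.0.0.1`.

```python
"""Hypothetical outbound-URL validator for a service-registration form.

Added example, not GeoNode's code. Rejects loopback, private, link-local
and metadata targets after resolving every DNS answer, and optionally
enforces a host allowlist before anything else.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Well-known cloud metadata hosts (assumed sample list for this example).
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "fd00:ec2::254"}

# Constructed DNS table so the example runs offline; use socket.getaddrinfo in practice.
# Note: 203.0.113.0/24 and the other TEST-NET ranges count as private in ipaddress,
# so the "public" sample answers use a real public address instead.
FAKE_DNS = {
    "wms.example.org": ["93.184.216.34"],
    "dual.example.org": ["93.184.216.34", "10.0.0.5"],   # one public, one private answer
    "mapped.example.org": ["::ffff:127.0.0.1"],          # IPv4-mapped loopback
}


def fake_resolver(host, port, family=0, type=0, proto=0, flags=0):
    """Mimics socket.getaddrinfo's return shape using the constructed FAKE_DNS table."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed NXDOMAIN for {host}")
    out = []
    for addr in FAKE_DNS[host]:
        fam = socket.AF_INET6 if ":" in addr else socket.AF_INET
        sockaddr = (addr, port, 0, 0) if fam == socket.AF_INET6 else (addr, port)
        out.append((fam, socket.SOCK_STREAM, socket.IPPROTO_TCP, "", sockaddr))
    return out


def is_forbidden_ip(ip):
    """True for addresses an SSRF probe would aim at: loopback, RFC 1918,
    link-local (which includes 169.254.169.254), multicast, reserved, unspecified."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_service_url(url, resolver=socket.getaddrinfo, allowed_hosts=None):
    """Return None if the URL may be fetched, otherwise a short rejection reason.

    allowed_hosts: optional set of lowercase hostnames; when given, any other
    host is rejected before any address check runs (allowlist enforcement).
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return "scheme not allowed"
    host = parts.hostname  # lowercased, IPv6 brackets stripped
    if not host:
        return "missing host"
    if parts.username is not None or parts.password is not None:
        return "userinfo not allowed"  # rules out http://trusted@internal/ confusion
    if allowed_hosts is not None and host not in allowed_hosts:
        return "host not on allowlist"
    if host in METADATA_HOSTS:
        return "metadata endpoint"
    try:
        port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
    except ValueError:
        return "invalid port"
    try:
        targets = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        try:
            infos = resolver(host, port, proto=socket.IPPROTO_TCP)
        except socket.gaierror:
            return "unresolvable host"
        # Check every answer: a name with one public and one private record is still rejected.
        targets = [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]
    if not targets:
        return "unresolvable host"
    for ip in targets:
        if is_forbidden_ip(ip):
            return f"forbidden target {ip}"
    return None


if __name__ == "__main__":
    for sample in ("https://wms.example.org/wms", "http://127.0.0.1:8000/",
                   "http://169.254.169.254/latest/meta-data/", "http://dual.example.org/wms"):
        print(sample, "->", check_service_url(sample, resolver=fake_resolver) or "allowed")
```

Validating at form time is necessary but not sufficient: the name can resolve differently when the request is actually sent (DNS rebinding), and an HTTP redirect can point back inside. The fetch step should therefore connect to the address that passed the check and re-run the check on every redirect target rather than following redirects blindly.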

Impact

Through this SSRF, an authenticated attacker can make the server send requests to internal or external resources, potentially leading to unauthorized access to, or disclosure of, sensitive information.

Remediation

Upgrade to GeoNode 4.4.5 (for the 4.x line) or 5.0.2 (for the 5.x line) to address this vulnerability.

Added: Apr 10, 2026, 8:30 PM
Updated: Apr 10, 2026, 8:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 0.6
exploitability: 4.7
remediation: 7.7
relevance: 5.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.