.. / CVE-2022-24816

Exploit for GeoServer <1.2.2 - Remote Code Execution (CVE-2022-24816)

Description:

Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22.

Nuclei Template

View the template here CVE-2022-24816.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-24816.yaml

References:

https://www.synacktiv.com/en/publications/exploiting-cve-2022-24816-a-code-injection-in-the-jt-jiffle-extension-of-geoserver.html
https://github.com/tanjiti/sec_profile
https://nvd.nist.gov/vuln/detail/CVE-2022-24816
https://github.com/geosolutions-it/jai-ext/commit/cb1d6565d38954676b0a366da4f965fef38da1cb
https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx

.. / CVE-2022-24816 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for GeoServer <1.2.2 - Remote Code Execution (CVE-2022-24816)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-24816