CVE-2024-27091 - Vulnerability Details - OpenCVE

GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0019.

Key SSVC decision points have not yet been added.

Vendors	Products
Geosolutionsgroup	Geonode

Configuration 1 [-]

cpe:2.3:a:geosolutionsgroup:geonode:*:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f
https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm

History

Fri, 19 Dec 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Geosolutionsgroup Geosolutionsgroup geonode
CPEs		cpe:2.3:a:geosolutionsgroup:geonode::::::::
Vendors & Products		Geosolutionsgroup Geosolutionsgroup geonode

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-27T13:01:49.004Z

Updated: 2024-08-02T00:27:57.875Z

Reserved: 2024-02-19T14:43:05.992Z

Link: CVE-2024-27091

Vulnrichment

Updated: 2024-08-02T00:27:57.875Z

NVD

Status : Analyzed

Published: 2024-03-27T13:15:47.023

Modified: 2025-12-19T18:28:57.200

Link: CVE-2024-27091

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27091", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-02-19T14:43:05.992Z", "datePublished": "2024-03-27T13:01:49.004Z", "dateUpdated": "2024-08-02T00:27:57.875Z"}, "containers": {"cna": {"title": "GeoNode stored XSS to full account takeover", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm"}, {"name": "https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f", "tags": ["x_refsource_MISC"], "url": "https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f"}], "affected": [{"vendor": "GeoNode", "product": "geonode", "versions": [{"version": ">= 3.2.0, < 4.2.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-27T13:01:49.004Z"}, "descriptions": [{"lang": "en", "value": "GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3."}], "source": {"advisory": "GHSA-rwcv-whm8-fmxm", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27091", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T19:16:52.917125Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:54.543Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:57.875Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm"}, {"name": "https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm", "name": "https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f", "name": "https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:57.875Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27091", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T19:16:52.917125Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-21T19:16:57.902Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "GeoNode stored XSS to full account takeover", "source": {"advisory": "GHSA-rwcv-whm8-fmxm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "GeoNode", "product": "geonode", "versions": [{"status": "affected", "version": ">= 3.2.0, < 4.2.3"}]}], "references": [{"url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm", "name": "https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f", "name": "https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-27T13:01:49.004Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27091", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:27:57.875Z", "dateReserved": "2024-02-19T14:43:05.992Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-27T13:01:49.004Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:geosolutionsgroup:geonode:*:*:*:*:*:*:*:*", "matchCriteriaId": "014827B6-7C66-4238-A628-EA9E2897A136", "versionEndExcluding": "4.2.3", "versionStartExcluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3."}, {"lang": "es", "value": "GeoNode es un sistema de gesti\u00f3n de contenidos geoespaciales, una plataforma para la gesti\u00f3n y publicaci\u00f3n de datos geoespaciales. Existe un problema dentro de GEONODE donde el editor de texto enriquecido actual es vulnerable al XSS almacenado. Las cookies de la aplicaci\u00f3n se configuran de forma segura, pero es posible recuperar el token CSRF de la v\u00edctima y emitir una solicitud para cambiar la direcci\u00f3n de correo electr\u00f3nico de otro usuario para realizar una toma de control completa de la cuenta. Debido a que el elemento del script no afecta la pol\u00edtica CORS, las solicitudes se realizar\u00e1n correctamente. Esta vulnerabilidad se soluciona en 4.2.3."}], "id": "CVE-2024-27091", "lastModified": "2025-12-19T18:28:57.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-27T13:15:47.023", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}