CVE-2024-27091 in GeoNodeinfo

Summary

by MITRE • 03/27/2024

GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 12/19/2025

The vulnerability identified as CVE-2024-27091 affects GeoNode, a geospatial content management system designed for managing and publishing geospatial data. This system serves as a platform for organizations to handle geographic information system data, making it a critical component in various sectors including government, environmental monitoring, and urban planning. The vulnerability resides within the rich text editor functionality of the application, which is a common feature in content management systems that allows users to format text with various styling options and embedded elements.

The technical flaw represents a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into the application's content storage. This occurs because the rich text editor does not properly sanitize user input before storing it in the database, creating a persistent vector for malicious code execution. The vulnerability is particularly concerning because it enables attackers to store malicious scripts that will execute whenever other users view the affected content. While the application properly sets cookies with secure attributes, the vulnerability creates a pathway for attackers to obtain victim CSRF tokens through the XSS vector, which can then be used to perform unauthorized actions on behalf of other users.

The operational impact of this vulnerability extends beyond simple script execution, as it enables full account takeover capabilities. Attackers can leverage the retrieved CSRF tokens to make authenticated requests that change victim email addresses, effectively taking control of user accounts. This account takeover scenario represents a severe compromise of user data and system integrity, as it allows attackers to potentially access sensitive geospatial information, modify content, and perform actions as legitimate users. The vulnerability's exploitation is facilitated by the fact that script elements do not interfere with CORS policy enforcement, meaning that malicious requests originating from the compromised application will succeed regardless of origin restrictions.

This vulnerability aligns with CWE-79, which describes cross-site scripting flaws, and demonstrates characteristics consistent with CWE-352, covering cross-site request forgery vulnerabilities. The attack pattern follows techniques described in the MITRE ATT&CK framework under T1566 for credential access and T1190 for exploitation of vulnerabilities in web applications. The combination of stored XSS with CSRF token theft creates a particularly dangerous attack vector that bypasses traditional security controls. Organizations using GeoNode should immediately implement the patch released in version 4.2.3, which addresses both the XSS sanitization issues and strengthens CSRF protection mechanisms. Additionally, security teams should conduct comprehensive audits of all rich text editing components and ensure proper input validation and output encoding practices are implemented throughout the application.

Responsible

GitHub, Inc.

Reservation

02/19/2024

Disclosure

03/27/2024

Moderation

accepted

CPE

ready

EPSS

0.00376

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!