1 results (0.002 seconds)
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32037 – GeoNetwork vulnerable to search end-point information disclosure in response headers
https://notcve.org/view.php?id=CVE-2024-32037
11 Feb 2025 — GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available. • https://docs.geonetwork-opensource.org/4.4/api/search • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •