Information disclosure in Geonetwork Core-geonetwork
CVE-2024-32037
GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuabl…
Vulnerability class: Information Disclosure
EPSS: 0.004 (26.9th percentile)
Affected products
- Geonetwork Core-geonetwork: versions < 4.2.10, and versions >= 4.4.0, < 4.4.5
- Osgeo Geonetwork
Weakness classification (CWE)