Information disclosure in Geonetwork Core-geonetwork

CVE-2024-32037

GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuabl…

Vulnerability class: Information Disclosure

EPSS: 0.004 (26.9th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References