PT-2025-6397 · Unknown · Geonetwork+1

Jodygarnett

Published

2025-02-11

Updated

2025-02-12

CVE-2024-32037

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GeoNetwork versions prior to 4.2.10 GeoNetwork versions prior to 4.4.5

Description The search endpoint response headers in GeoNetwork contain information about the Elasticsearch software in use, allowing the software used by the server to be easily identified. This information is valuable from a security point of view.

Recommendations For versions prior to 4.2.10, update to version 4.2.10 or later to fix the issue. For versions prior to 4.4.5, update to version 4.4.5 or later to fix the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2024-32037

GHSA-52RF-25HQ-5M33

Affected Products

Elasticsearch

Geonetwork

PT-2025-6397 · Unknown · Geonetwork+1

CVE-2024-32037

Weakness Enumeration

Related Identifiers

Affected Products

References · 12