Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-32037

Date: February 11, 2025

GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available.

Severity Score

Related Resources (8)

https://docs.geonetwork-opensource.org/4.4/api/search
https://github.com/geonetwork/core-geonetwork
https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-52rf-25hq-5m33
https://www.cve.org/CVERecord?id=CVE-2024-32037
https://github.com/geonetwork/core-geonetwork/releases/tag/4.4.5
https://github.com/geonetwork/core-geonetwork/releases/tag/4.2.10
https://nvd.nist.gov/vuln/detail/CVE-2024-32037
https://www.mend.io/vulnerability-database/CVE-2024-32037

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us