← voltar
CVE-2024-32037

GeoNetwork vulnerable to search end-point information disclosure in response headers

CVSS 0 NONEEPSS 0.4%CWE-200
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 0EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 fev 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Produtos afetados
geonetwork · core-geonetwork

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://docs.geonetwork-opensource.org/4.4/api/searchhttps://github.com/geonetwork/core-geonetwork/releases/tag/4.2.10https://github.com/geonetwork/core-geonetwork/releases/tag/4.4.5https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-52rf-25hq-5m33