GeoNetwork Information Disclosure Vulnerability in Search Endpoint Response Headers

Vulnerability

A vulnerability exists in GeoNetwork versions prior to 4.2.10 and 4.4.5, where the search endpoint response headers inadvertently reveal details about the Elasticsearch software in use. This information could be exploited to identify the server's software components, potentially leading to security risks.

Impact

Exploitation of this vulnerability could allow an attacker to gain insights into the server's software stack, which could be used to identify potential vulnerabilities or attack vectors.

Remediation

Users can upgrade to GeoNetwork versions 4.4.5 or 4.2.10 to address this vulnerability.
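To confirm the fix after upgrading, response headers captured from your own search endpoint can be checked for backend markers. The following is an added example, not GeoNetwork's code and not part of the original advisory; the advisory does not list the leaked header names, so the marker pattern, the function names and both sample responses are assumptions constructed for illustration.

```python
import re
from email.parser import Parser

# Assumption: the advisory does not name the leaked headers. X-elastic-product
# and a "Warning: 299 Elasticsearch-..." value are headers Elasticsearch itself
# emits, so any name or value containing "elastic" is treated as a marker.
BACKEND_MARKER = re.compile(r"elastic", re.IGNORECASE)

# Constructed sample response heads (not captured from a real server).
HEAD_UNPATCHED = """HTTP/1.1 200 OK
Content-Type: application/json
X-elastic-product: Elasticsearch
Warning: 299 Elasticsearch-0.0.0 "constructed sample"
Content-Length: 512
"""
HEAD_PATCHED = """HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 512
"""


def parse_head(raw_head):
    """Split a response head into (status_line, [(name, value), ...])."""
    text = raw_head.replace("\r\n", "\n").lstrip()
    status_line, _, header_block = text.partition("\n")
    msg = Parser().parsestr(header_block, headersonly=True)
    return status_line.strip(), list(msg.items())


def leaking_headers(raw_head):
    """Return the headers whose name or value identifies the search backend."""
    _, headers = parse_head(raw_head)
    return [(n, v) for n, v in headers
            if BACKEND_MARKER.search(n) or BACKEND_MARKER.search(v)]


def strip_leaks(raw_head):
    """Header list that remains once the backend markers are removed."""
    _, headers = parse_head(raw_head)
    return [(n, v) for n, v in headers
            if not (BACKEND_MARKER.search(n) or BACKEND_MARKER.search(v))]


if __name__ == "__main__":
    for label, head in (("unpatched", HEAD_UNPATCHED), ("patched", HEAD_PATCHED)):
        print(label, leaking_headers(head))
```

An empty result from `leaking_headers` on a head captured after the upgrade is the expected outcome; any remaining entry names the header to investigate.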

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.6
exploitability: 8.1
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.