Lucene search
K

41 matches found

Github Security Blog
Github Security Blog
added 2025/02/11 10:47 p.m.17 views

GeoNetwork search end-point information disclosure in response headers

Impact The search end-point response headers contain information about Elasticsearch software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. Patches GeoNetwork 4.4.5 / 4.2.10 Workarounds None References -...

5.3CVSS3.7AI score0.00351EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/02/11 10:47 p.m.7 views

GHSA-52RF-25HQ-5M33 GeoNetwork search end-point information disclosure in response headers

Impact The search end-point response headers contain information about Elasticsearch software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. Patches GeoNetwork 4.4.5 / 4.2.10 Workarounds None References -...

5.3CVSS3.6AI score0.00351EPSS
Exploits0References7
Snyk
Snyk
added 2025/02/11 10:43 p.m.2 views

Information Exposure

Overview org.geonetwork-opensource:gn-services is a GeoNetwork Services. Affected versions of this package are vulnerable to Information Exposure through the search end-point response headers. An attacker can gather sensitive information about the server's software stack by analyzing these header...

6.9CVSS6.7AI score0.00351EPSS
Exploits0References2
NVD
NVD
added 2025/02/11 10:15 p.m.13 views

CVE-2024-32037

GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software...

5.3CVSS0.00351EPSS
Exploits0References4
CVE
CVE
added 2025/02/11 9:50 p.m.113 views

CVE-2024-32037

GeoNetwork vulnerable versions prior to 4.2.10 and 4.4.5 disclose Elasticsearch software info via search-endpoint response headers. The issue allows server software identification. A fix is available in GeoNetwork 4.2.10 and 4.4.5; no public workarounds are listed. Remediation: upgrade to 4.2.10 ...

5.3CVSS3.6AI score0.00351EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/02/11 9:50 p.m.19 views

CVE-2024-32037 GeoNetwork vulnerable to search end-point information disclosure in response headers

GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software...

0.00351EPSS
Exploits0References4
OSV
OSV
added 2025/02/11 9:50 p.m.6 views

CVE-2024-32037 GeoNetwork vulnerable to search end-point information disclosure in response headers

GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software...

6.5AI score0.00351EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.5 views

GeoNetwork 信息泄露漏洞

GeoNetwork is a catalog application from the GeoNetwork open source. It is used to manage spatially referenced resources. An information disclosure vulnerability exists in GeoNetwork that stems from a search endpoint response header containing information about the Elasticsearch software being us...

6AI score0.00351EPSS
Exploits0References4
NVD
NVD
added 2022/09/05 5:15 p.m.24 views

CVE-2021-28398

A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...

7.2CVSS0.01095EPSS
Exploits0References4
OSV
OSV
added 2022/09/05 5:15 p.m.15 views

CVE-2021-28398

A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...

7.2CVSS7.6AI score
Exploits0References4
Prion
Prion
added 2022/09/05 5:15 p.m.23 views

Command injection

A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...

5.8CVSS7.2AI score0.01095EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/09/05 4:9 p.m.25 views

CVE-2021-28398

A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...

7.4AI score0.01095EPSS
Exploits0References4
CVE
CVE
added 2022/09/05 4:9 p.m.67 views

CVE-2021-28398

GeoNetwork vulnerable in versions before 3.12.0 and 4.x before 4.0.4 due to the directory harvester before-script executing arbitrary OS commands via LocalFilesystemHarvester.runBeforeScript. Earliest affected: 3.4.0. Impact: remote command execution with high privileges; requires User Administra...

7.2CVSS7.2AI score0.01095EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/05 12:0 a.m.6 views

PT-2022-9890 · Unknown · Geonetwork

Name of the Vulnerable Software and Affected Versions: GeoNetwork versions 3.4.0 through 3.12.0 GeoNetwork versions 4.0.0 through 4.0.3 Description: A privileged attacker can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. This...

7.2CVSS7.3AI score0.01095EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.6 views

GeoNetwork 操作系统命令注入漏洞

GeoNetwork is GeoNetwork open source a catalog application . It is used to manage spatial reference resources. A security vulnerability exists in GeoNetwork versions prior to 3.12.0 and 4.x series versions prior to 4.0.4, which can be exploited by an attacker to remotely execute arbitrary operati...

7.2CVSS7.5AI score0.01095EPSS
Exploits0References4
0day.today
0day.today
added 2022/07/31 12:0 a.m.183 views

Geonetwork 4.2.0 - XML External Entity Vulnerability

Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description: GeoNetwork 3.1.x through...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/29 12:0 a.m.256 views

Geonetwork 4.2.0 XML Injection

Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Date: 2022-July-11 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/07/29 12:0 a.m.340 views

Geonetwork 4.2.0 - XML External Entity (XXE)

Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Date: 2022-July-11 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description:...

7.4AI score
Exploits0
NVD
NVD
added 2006/10/26 4:7 p.m.9 views

CVE-2006-5513

SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors...

7.5CVSS8.2AI score0.01162EPSS
Exploits0References5
Cvelist
Cvelist
added 2006/10/26 4:0 p.m.20 views

CVE-2006-5513

SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors...

8.2AI score0.01162EPSS
Exploits0References5
Rows per page
Query Builder