41 matches found
GeoNetwork search end-point information disclosure in response headers
Impact The search end-point response headers contain information about Elasticsearch software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. Patches GeoNetwork 4.4.5 / 4.2.10 Workarounds None References -...
GHSA-52RF-25HQ-5M33 GeoNetwork search end-point information disclosure in response headers
Impact The search end-point response headers contain information about Elasticsearch software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. Patches GeoNetwork 4.4.5 / 4.2.10 Workarounds None References -...
Information Exposure
Overview org.geonetwork-opensource:gn-services is a GeoNetwork Services. Affected versions of this package are vulnerable to Information Exposure through the search end-point response headers. An attacker can gather sensitive information about the server's software stack by analyzing these header...
CVE-2024-32037
GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software...
CVE-2024-32037
GeoNetwork vulnerable versions prior to 4.2.10 and 4.4.5 disclose Elasticsearch software info via search-endpoint response headers. The issue allows server software identification. A fix is available in GeoNetwork 4.2.10 and 4.4.5; no public workarounds are listed. Remediation: upgrade to 4.2.10 ...
CVE-2024-32037 GeoNetwork vulnerable to search end-point information disclosure in response headers
GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software...
CVE-2024-32037 GeoNetwork vulnerable to search end-point information disclosure in response headers
GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software...
GeoNetwork 信息泄露漏洞
GeoNetwork is a catalog application from the GeoNetwork open source. It is used to manage spatially referenced resources. An information disclosure vulnerability exists in GeoNetwork that stems from a search endpoint response header containing information about the Elasticsearch software being us...
CVE-2021-28398
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...
CVE-2021-28398
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...
Command injection
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...
CVE-2021-28398
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...
CVE-2021-28398
GeoNetwork vulnerable in versions before 3.12.0 and 4.x before 4.0.4 due to the directory harvester before-script executing arbitrary OS commands via LocalFilesystemHarvester.runBeforeScript. Earliest affected: 3.4.0. Impact: remote command execution with high privileges; requires User Administra...
PT-2022-9890 · Unknown · Geonetwork
Name of the Vulnerable Software and Affected Versions: GeoNetwork versions 3.4.0 through 3.12.0 GeoNetwork versions 4.0.0 through 4.0.3 Description: A privileged attacker can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. This...
GeoNetwork 操作系统命令注入漏洞
GeoNetwork is GeoNetwork open source a catalog application . It is used to manage spatial reference resources. A security vulnerability exists in GeoNetwork versions prior to 3.12.0 and 4.x series versions prior to 4.0.4, which can be exploited by an attacker to remotely execute arbitrary operati...
Geonetwork 4.2.0 - XML External Entity Vulnerability
Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description: GeoNetwork 3.1.x through...
Geonetwork 4.2.0 XML Injection
Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Date: 2022-July-11 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description:...
Geonetwork 4.2.0 - XML External Entity (XXE)
Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Date: 2022-July-11 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description:...
CVE-2006-5513
SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors...
CVE-2006-5513
SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors...