CVE-2024-32037
GeoNetwork prior to versions 4.2.10 and 4.4.5 exposes Elasticsearch version info in search endpoint response headers, enabling fingerprinting. The issue is fixed in GeoNetwork 4.2.10 and 4.4.5; no known workarounds are provided. Affected products are GeoNetwork Open Source; remediation is to upgr...
