CVE-2024-32037

GeoNetwork vulnerable versions prior to 4.2.10 and 4.4.5 disclose Elasticsearch software info via search-endpoint response headers. The issue allows server software identification. A fix is available in GeoNetwork 4.2.10 and 4.4.5; no public workarounds are listed. Remediation: upgrade to 4.2.10 ...