{"vulnerability": "CVE-2024-32037", "sightings": [{"uuid": "ec8a2407-9fa1-47e5-a15a-f352be6690be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32037", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113987467563948370", "content": "", "creation_timestamp": "2025-02-11T21:52:03.912874Z"}, {"uuid": "5924a78e-7fbc-474c-ac12-8ecd8f45cc28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32037", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwopkap762a", "content": "", "creation_timestamp": "2025-02-11T22:15:53.606893Z"}, {"uuid": "4b764309-e724-4009-a534-c5cca5d6ca87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32037", "type": "seen", "source": "https://t.me/cvedetector/17786", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-32037 - GeoNetwork Elasticsearch Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-32037 \nPublished : Feb. 11, 2025, 10:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available. \nSeverity: 0.0 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T01:48:38.000000Z"}, {"uuid": "5b169745-94ae-44aa-80f0-cb26599a6dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32037", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhx4mjt3rv2n", "content": "", "creation_timestamp": "2025-02-12T02:24:52.378390Z"}, {"uuid": "a05a6ee4-7c23-4858-a796-465db84aa250", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32037", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3935", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-32037\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: ### Impact\n\nThe search end-point response headers contain information about Elasticsearch software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified.\n\n### Patches\n\nGeoNetwork 4.4.5 / 4.2.10\n\n### Workarounds\n\nNone\n\n### References\n- [CVE-2024-32037](https://www.cve.org/CVERecord?id=CVE-2024-32037)\n- [Search service](https://docs.geonetwork-opensource.org/4.4/api/search/)\n\n### Credits\n\n- [Ministry of Economic Affairs and Climate Policy](https://www.rijksoverheid.nl/ministeries/ministerie-van-economische-zaken-en-klimaat), The Netherlands.\n\ud83d\udccf Published: 2025-02-11T22:47:11Z\n\ud83d\udccf Modified: 2025-02-11T22:47:11Z\n\ud83d\udd17 References:\n1. https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-52rf-25hq-5m33\n2. https://docs.geonetwork-opensource.org/4.4/api/search\n3. https://github.com/geonetwork/core-geonetwork\n4. https://www.cve.org/CVERecord?id=CVE-2024-32037", "creation_timestamp": "2025-02-11T23:11:20.000000Z"}]}