Is there a patch available for CVE-2024-32037?

Yes, a patch is available for CVE-2024-32037. Update the affected software to the latest version immediately.

Elastic CVE-2024-32037

NONE

Information Exposure (CWE-200)

2025-02-11 security-advisories@github.com

Information Disclosure Elastic

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:26 vuln.today

CVE Published

Feb 11, 2025 - 22:15 nvd

NONE

DescriptionNVD

GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available.

AnalysisAI

GeoNetwork is a catalog application to manage spatially referenced resources. Rated remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available. Version information: prior to 4.2.10.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

More from same product – last 7 days

CVE-2026-42398 HIGH This Week

7.7 May 28

Server-side request forgery in Elastic Kibana allows authenticated users holding connector management privileges to bypa

CVE-2026-33464 MEDIUM This Month

6.5 May 28

Denial of service in Kibana allows any authenticated low-privileged user to render the Kibana service unresponsive for a

CVE-2026-42399 MEDIUM This Month

6.5 May 28

Denial of service in Elastic Kibana allows an authenticated low-privileged user to crash the Kibana service and deny acc

CVE-2026-42400 MEDIUM This Month

6.5 May 28

Denial of service in Kibana allows any authenticated user to crash or render unresponsive a Kibana instance by sending a

CVE-2026-49094 MEDIUM This Month

6.5 May 28

Denial of service in Kibana's analytics collections management endpoint allows any authenticated user with viewer-level

CVE-2024-32037 vulnerability details – vuln.today

Back

Elastic CVE-2024-32037

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code