What is the severity of GHSA-52rf-25hq-5m33?

The severity level for GHSA-52rf-25hq-5m33 is classified as sensitive due to the exposure of software version information.

How do I fix GHSA-52rf-25hq-5m33?

To address GHSA-52rf-25hq-5m33, you should upgrade to either GeoNetwork version 4.2.10 or 4.4.5.

What information is exposed in GHSA-52rf-25hq-5m33?

GHSA-52rf-25hq-5m33 exposes sensitive response headers that reveal the specific version of Elasticsearch software in use.

Is there a workaround for GHSA-52rf-25hq-5m33?

There are currently no workarounds for GHSA-52rf-25hq-5m33, so applying the patches is necessary.

Which versions of GeoNetwork are affected by GHSA-52rf-25hq-5m33?

GHSA-52rf-25hq-5m33 affects GeoNetwork versions prior to 4.2.10 and between 4.4.0 and 4.4.5.

Vulnerability/
GHSA-52rf-25hq-5m33

medium

5.3

CWE

200

11/2/2025

GHSA-52rf-25hq-5m33: Infoleak

First published: Tue Feb 11 2025(Updated: )

### Impact The search end-point response headers contain information about Elasticsearch software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. ### Patches GeoNetwork 4.4.5 / 4.2.10 ### Workarounds None ### References - [CVE-2024-32037](https://www.cve.org/CVERecord?id=CVE-2024-32037) - [Search service](https://docs.geonetwork-opensource.org/4.4/api/search/) ### Credits - [Ministry of Economic Affairs and Climate Policy](https://www.rijksoverheid.nl/ministeries/ministerie-van-economische-zaken-en-klimaat), The Netherlands.

Affected Software	Affected Version	How to fix
maven/org.geonetwork-opensource:gn-services	<4.2.10	4.2.10
maven/org.geonetwork-opensource:gn-services	>=4.4.0<4.4.5	4.4.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of GHSA-52rf-25hq-5m33?
The severity level for GHSA-52rf-25hq-5m33 is classified as sensitive due to the exposure of software version information.
How do I fix GHSA-52rf-25hq-5m33?
To address GHSA-52rf-25hq-5m33, you should upgrade to either GeoNetwork version 4.2.10 or 4.4.5.
What information is exposed in GHSA-52rf-25hq-5m33?
GHSA-52rf-25hq-5m33 exposes sensitive response headers that reveal the specific version of Elasticsearch software in use.
Is there a workaround for GHSA-52rf-25hq-5m33?
There are currently no workarounds for GHSA-52rf-25hq-5m33, so applying the patches is necessary.
Which versions of GeoNetwork are affected by GHSA-52rf-25hq-5m33?
GHSA-52rf-25hq-5m33 affects GeoNetwork versions prior to 4.2.10 and between 4.4.0 and 4.4.5.

collector/github-advisory-latest
source/GitHub
alias/GHSA-52rf-25hq-5m33
alias/CVE-2024-32037
agent/software-canonical-lookup
agent/weakness
agent/source
agent/softwarecombine
agent/references
agent/severity
agent/description
agent/type
agent/last-modified-date
agent/first-publish-date
agent/tags
agent/event
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.