Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2023-50968

UNKNOWN

Published 2023-12-26T11:45:55.393Z

Actions:

No CVSS data available

Description

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations.

The same uri can be operated to realize a SSRF attack also without authorizations.

Users are recommended to upgrade to version 18.12.11, which fixes this issue.

Available Exploits

Apache OFBiz < 18.12.11 - Server Side Request Forgery

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.

ID: CVE-2023-50968

Author: your3cho High

References:

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache OFBiz

Affected Versions:

0

References

https://ofbiz.apache.org/download.html

https://ofbiz.apache.org/security.html

https://ofbiz.apache.org/release-notes-18.12.11.html

https://issues.apache.org/jira/browse/OFBIZ-12875

https://lists.apache.org/thread/x5now4bk3llwf3k58kl96qvtjyxwp43q

http://www.openwall.com/lists/oss-security/2023/12/26/2

Published: 2023-12-26T11:45:55.393Z

Last Modified: 2025-02-13T17:19:42.335Z

Copied to clipboard!