CVE-2023-50968

CVE-2023-50968: Apache OFBiz: Arbitrary file properties reading and SSRF attack

Vendor Apache Software Foundation

Product Apache OFBiz

Weakness CWE-200 · Info exposure

Published December 26, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.

Key dates

Disclosure timeline

December 26, 2023 CVE published

February 13, 2025 Record updated