What is CVE-2023-50968?

CVE-2023-50968 is a vulnerability in Apache Software Foundation Ofbiz, classified under Information Disclosure. Published 2023-12-26.

Is CVE-2023-50968 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SSRF in Apache Software Foundation Ofbiz

CVE-2023-50968

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users…

Vulnerability class: Information Disclosure

EPSS: 0.839 (99.3th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Ofbiz — versions 0

Weakness classification (CWE)

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

ofbiz.apache.org/download.html (mitigation)
ofbiz.apache.org/security.html (related)
ofbiz.apache.org/release-notes-18.12.11.html (release-notes)
issues.apache.org/jira/browse/OFBIZ-12875 (issue-tracking)
lists.apache.org/thread/x5now4bk3llwf3k58kl96qvtjyxwp43q (vendor-advisory)
www.openwall.com/lists/oss-security/2023/12/26/2

Frequently asked questions

What is CVE-2023-50968?: CVE-2023-50968 is a vulnerability in Apache Software Foundation Ofbiz, classified under Information Disclosure. Published 2023-12-26.
Is CVE-2023-50968 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.