CVE-2024-25065

{"id": "CVE-2024-25065", "cveTags": [], "metrics": {}, "published": "2024-02-29T01:44:14.480", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/02/28/10", "source": "security@apache.org"}, {"url": "https://issues.apache.org/jira/browse/OFBIZ-12887", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/rplfjp7ppn9ro49oo7jsrpj99m113lfc", "source": "security@apache.org"}, {"url": "https://ofbiz.apache.org/download.html", "source": "security@apache.org"}, {"url": "https://ofbiz.apache.org/release-notes-18.12.12.html", "source": "security@apache.org"}, {"url": "https://ofbiz.apache.org/security.html", "source": "security@apache.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "\nPossible path traversal in Apache OFBiz allowing authentication bypass.\nUsers are recommended to upgrade to version 18.12.12, that fixes the issue.\n\n"}, {"lang": "es", "value": "Posible path traversal en Apache OFBiz que permite omitir la autenticaci\u00f3n. Se recomienda a los usuarios actualizar a la versi\u00f3n 18.12.12, que soluciona el problema."}], "lastModified": "2024-02-29T13:49:29.390", "sourceIdentifier": "security@apache.org"}