Authentication Bypass by Primary Weakness in modoboa/modoboa
CVE-2023-0777

9.8CRITICAL

Key Information:

Vendor: Modoboa
Status: Modoboa/modoboa
Vendor: CVE Published:; 10 February 2023

What is CVE-2023-0777?

The vulnerability in the Modoboa email management system allows attackers to bypass authentication mechanisms. This issue arises due to a primary weakness present in the system prior to version 2.0.4. Users of affected versions may find their administrative features compromised, enabling unauthorized access and potential takeover of the application. It is crucial to upgrade to the latest version to protect against this type of security breach.

Affected Version(s)

modoboa/modoboa < 2.0.4

References

https://huntr.dev/bounties/a17e7a9f-0fee-4130-a522-5a0466...

https://github.com/modoboa/modoboa/commit/47d17ac6643f870...

http://packetstormsecurity.com/files/171744/modoboa-2.0.4...

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2023
Vulnerability Reserved
Feb 10, 2023

CVE-2023-0777 Data

JSON