Improper Authorization in modoboa/modoboa
CVE-2023-2227

9.1CRITICAL

Key Information:

Vendor: Modoboa
Status: Modoboa/modoboa
Vendor: CVE Published:; 21 April 2023

What is CVE-2023-2227?

A vulnerability in the Modoboa application allows unauthorized users to access restricted features and data through improper authorization checks. This issue affects versions prior to 2.1.0, posing risks to user privacy and data integrity. It is crucial for users to update their software to the latest version to mitigate potential security threats and ensure proper access controls.

Affected Version(s)

modoboa/modoboa < 2.1.0

References

https://huntr.dev/bounties/351f9055-2008-4af0-b820-01ff66...

https://github.com/modoboa/modoboa/commit/7bcd3f6eb264d4e...

EPSS Score

43% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2023
Vulnerability Reserved
Apr 21, 2023

CVE-2023-2227 Data

JSON