GHSA-6pvf-cq4f-hfjp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6pvf-cq4f-hfjp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-6pvf-cq4f-hfjp/GHSA-6pvf-cq4f-hfjp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6pvf-cq4f-hfjp
- Aliases
- Published
- 2023-04-21T15:30:18Z
- Modified
- 2024-09-25T17:23:25.455886Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- 8.4 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- modoboa vulnerable to Cross-Site Request Forgery
- Details
-
modoboa prior to 2.1.0 is vulnerable to cross-site request forgery. An attacker must be logged in as admin to exploit this issue.
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-352" ], "github_reviewed_at": "2023-04-24T20:29:46Z", "nvd_published_at": "2023-04-21T13:15:07Z", "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-2228
- https://github.com/modoboa/modoboa/commit/5d886f3d06373d2c3292911bac0772bcd5102343
- https://github.com/modoboa/modoboa
- https://github.com/pypa/advisory-database/tree/main/vulns/modoboa/PYSEC-2023-36.yaml
- https://huntr.dev/bounties/619fb490-69ad-4a2a-b686-4c42a62404a9
Affected packages
PyPI / modoboa
Package
- Name
- modoboa
- View open source insights on deps.dev
- Purl
- pkg:pypi/modoboa
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.1.0
Affected versions
0.*
0.7.0
1.*
1.2.0-rc2
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.8.0
1.8.1
1.8.2
1.8.3
1.9.0
1.9.1
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.10.7
1.11.0
1.11.1
1.12.0
1.12.1
1.12.2
1.13.0
1.13.1
1.14.0
1.15.0
1.16.0
1.16.1
1.17.0
2.*
2.0.0b1
2.0.0b2
2.0.0b3
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5