GHSA-v9gj-5rgp-w33r

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-v9gj-5rgp-w33r/GHSA-v9gj-5rgp-w33r.json

Aliases

CVE-2023-0398

Published

2023-01-19T09:30:16Z

Modified

2023-03-16T05:23:21.959150Z

Details

Modoboa 2.0.3 and prior is vulnerable to Cross-Site Request Forgery. A patch is available and anticipated to be part of version 2.0.4.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-0398
https://github.com/modoboa/modoboa/commit/8e14ac93669df4f35fcdebd55dc9d2f0fed3ed48
https://github.com/modoboa/modoboa
https://huntr.dev/bounties/0a852351-00ed-44d2-a650-9055b7beed58

Affected packages

PyPI / modoboa

modoboa

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Affected versions

0.*

0.7.0

1.*

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.11.0

1.11.1

1.12.0

1.12.1

1.12.2

1.13.0

1.13.1

1.14.0

1.15.0

1.16.0

1.16.1

1.17.0

1.2.0

1.2.0-rc2

1.2.1

1.2.2

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.5.0

1.5.1

1.5.2

1.5.3

1.6.0

1.6.1

1.6.2

1.6.3

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.8.0

1.8.1

1.8.2

1.8.3

1.9.0

1.9.1

2.*

2.0.0

2.0.0b1

2.0.0b2

2.0.0b3

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

Database specific

{
    "last_known_affected_version_range": "<= 2.0.3"
}