Lucene search

GitHub Advisory DatabaseGHSA-RFHW-FM4M-52J6

HistoryFeb 10, 2023 - 9:30 p.m.

Authentication Bypass in modoboa

2023-02-1021:30:24

CWE-305

GitHub Advisory Database

github.com

authentication bypass

github repository

modoboa software

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.028

Percentile

90.8%

JSON

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.

Affected configurations

Vulners

Node

modoboamodoboaRange≤2.0.3

VendorProductVersionCPE
modoboamodoboa*cpe:2.3:a:modoboa:modoboa:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
modoboa	modoboa	*	cpe:2.3:a:modoboa:modoboa::::::::

References

packetstormsecurity.com/files/171744/modoboa-2.0.4-Admin-Takeover.html

github.com/advisories/GHSA-rfhw-fm4m-52j6

github.com/modoboa/modoboa/commit/47d17ac6643f870719691073956a26e4be0a4806

github.com/pypa/advisory-database/tree/main/vulns/modoboa/PYSEC-2023-32.yaml

huntr.dev/bounties/a17e7a9f-0fee-4130-a522-5a0466fc17c7

nvd.nist.gov/vuln/detail/CVE-2023-0777

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.028

Percentile

90.8%

JSON

Related for GHSA-RFHW-FM4M-52J6