| Advisory
Products
MOOLE SCA
Continuous visibility into open-source risk
MOOLE Container Security
End-to-end container defense across the SDLC
MOOLE SAST
Static application security testing for source code
About Us
CVE-2023-2227
Vulnerability Database
pypi
CVE-2023-2227
Base Score
CRITICAL
9.1
CVE-2023-2227
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
Vector
NETWORK
Published By
security@huntr.dev
Published Date
Apr 21, 2023, 13:15
Affected Versions
(1)
modoboa
(PyPI)
Introduced
0
Fixed
2.1.0
Limit
N/A
Package (Ecosystem)
Introduced
Fixed
Limit
modoboa
(PyPI)
0
2.1.0
N/A
Weakness Type (CWE)
:
CWE-285
CVSS Metrics
CVSS v3.1
CVSS v3.0
Base Score
9.1
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Severity
CRITICAL
Version
3.1
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality (C)
HIGH
Integrity (I)
HIGH
Availability (A)
NONE
References
https://github.com/modoboa/modoboa/commit/7bcd3f6eb264d4e3e01071c97c2bac51cdd6fe97
https://huntr.dev/bounties/351f9055-2008-4af0-b820-01ff66678bf3
Base Score
CRITICAL
9.1
Weakness Type (CWE)
:
CWE-285
CVSS Metrics
CVSS v3.1
CVSS v3.0
Base Score
9.1
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Severity
CRITICAL
Version
3.1
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality (C)
HIGH
Integrity (I)
HIGH
Availability (A)
NONE
