Skip to main content

Modoboa CVE-2023-2228

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2023-04-21 security@huntr.dev
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 21, 2023 - 13:15 nvd
MEDIUM 6.8

DescriptionNVD

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0.

AnalysisAI

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0. Affected products include: Modoboa. Version information: prior to 2.1.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2023-2160 CRITICAL POC
9.8 Apr 18

Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. Rated critical severity (CVSS 9.8), this

CVE-2023-0777 CRITICAL POC
9.8 Feb 10

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. Rated critical severity (

CVE-2023-2227 CRITICAL POC
9.1 Apr 21

Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. Rated critical severity (CVSS 9.1), this vul

CVE-2023-5690 HIGH POC
8.8 Oct 20

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. Rated high severity (CVSS 8.8), t

CVE-2023-0438 MEDIUM POC
6.5 Jan 23

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. Rated medium severity (CVSS 6.5),

CVE-2023-0398 MEDIUM POC
6.5 Jan 19

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. Rated medium severity (CVSS 6.5),

CVE-2023-5689 MEDIUM POC
5.4 Oct 20

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. Rated medium severity (CVSS 5.4),

CVE-2023-5688 MEDIUM POC
5.4 Oct 20

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. Rated medium severity (CVSS 5.4),

CVE-2023-0519 MEDIUM POC
5.4 Jan 26

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4. Rated medium severity (CVSS 5.4

CVE-2023-0470 MEDIUM POC
5.4 Jan 26

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4. Rated medium severity (CVSS 5.4

CVE-2023-0949 MEDIUM POC
4.8 Feb 22

Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5. Rated medium severity (CVSS

CVE-2023-0406 MEDIUM POC
4.3 Jan 19

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. Rated medium severity (CVSS 4.3),

Share

CVE-2023-2228 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy