GHSA-v9gj-5rgp-w33r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v9gj-5rgp-w33r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-v9gj-5rgp-w33r/GHSA-v9gj-5rgp-w33r.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-v9gj-5rgp-w33r
- Aliases
- Published
- 2023-01-19T09:30:16Z
- Modified
- 2024-11-22T18:43:41.756115Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- Modoboa is vulnerable to Cross-Site Request Forgery
- Details
-
Modoboa 2.0.3 and prior is vulnerable to Cross-Site Request Forgery. A patch is available and anticipated to be part of version 2.0.4.
- Database specific
{ "nvd_published_at": "2023-01-19T09:15:00Z", "cwe_ids": [ "CWE-352" ], "severity": "MODERATE", "github_reviewed_at": "2023-01-20T23:06:48Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-0398
- https://github.com/modoboa/modoboa/commit/8e14ac93669df4f35fcdebd55dc9d2f0fed3ed48
- https://github.com/modoboa/modoboa
- https://github.com/pypa/advisory-database/tree/main/vulns/modoboa/PYSEC-2023-282.yaml
- https://huntr.dev/bounties/0a852351-00ed-44d2-a650-9055b7beed58
Affected packages
PyPI / modoboa
Package
- Name
- modoboa
- View open source insights on deps.dev
- Purl
- pkg:pypi/modoboa
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.4
Affected versions
0.*
0.7.0
1.*
1.2.0-rc2
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.8.0
1.8.1
1.8.2
1.8.3
1.9.0
1.9.1
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.10.7
1.11.0
1.11.1
1.12.0
1.12.1
1.12.2
1.13.0
1.13.1
1.14.0
1.15.0
1.16.0
1.16.1
1.17.0
2.*
2.0.0b1
2.0.0b2
2.0.0b3
2.0.0
2.0.1
2.0.2
2.0.3