GSA_kwCzR0hTQS12OWdqLTVyZ3AtdzMzcs4AAxEi

Moderate EPSS: 0.00195% (0.41724 Percentile) EPSS:

Permalink JSON

Modoboa is vulnerable to Cross-Site Request Forgery

Affected Packages	Affected Versions	Fixed Versions
pypi:modoboa PURL: `pkg:pypi/modoboa`	<= 2.0.3	2.0.4
7 Dependent packages 16 Dependent repositories 6,321 Downloads last month Affected Version Ranges All affected versions 0.7.0, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.0, 1.9.1, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.11.0, 1.11.1, 1.12.0, 1.12.1, 1.12.2, 1.13.0, 1.13.1, 1.14.0, 1.15.0, 1.16.0, 1.16.1, 1.17.0, 2.0.0, 2.0.1, 2.0.2, 2.0.3 All unaffected versions 2.0.4, 2.0.5, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11

Modoboa 2.0.3 and prior is vulnerable to Cross-Site Request Forgery. A patch is available and anticipated to be part of version 2.0.4.

References:

Identifiers

GHSA-v9gj-5rgp-w33r

CVE-2023-0398

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00195

EPSS Percentile: 0.41724

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/modoboa/modoboa

Date and time

Published

over 2 years ago

Updated

9 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories