CVE-2023-2228: modoboa vulnerable to Cross-Site Request Forgery
(updated )
modoboa prior to 2.1.0 is vulnerable to cross-site request forgery. An attacker must be logged in as admin to exploit this issue.
References
- github.com/advisories/GHSA-6pvf-cq4f-hfjp
- github.com/modoboa/modoboa
- github.com/modoboa/modoboa/commit/5d886f3d06373d2c3292911bac0772bcd5102343
- github.com/pypa/advisory-database/tree/main/vulns/modoboa/PYSEC-2023-36.yaml
- huntr.dev/bounties/619fb490-69ad-4a2a-b686-4c42a62404a9
- nvd.nist.gov/vuln/detail/CVE-2023-2228
Detect and mitigate CVE-2023-2228 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →