Lucene search

@huntrdevCVE-2023-0860

HistoryFeb 16, 2023 - 10:15 a.m.

CVE-2023-0860

2023-02-1610:15:11

CWE-307

@huntrdev

web.nvd.nist.gov

cve-2023-0860

github repository

modoboa

nvd

security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

38.5%

JSON

Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.

Affected configurations

Nvd

Node

modoboainstallerRange<2.0.4modoboa

VendorProductVersionCPE
modoboainstaller*cpe:2.3:a:modoboa:installer:*:*:*:*:*:modoboa:*:*

Vendor	Product	Version	CPE
modoboa	installer	*	cpe:2.3:a:modoboa:installer::::::modoboa::*

CNA Affected

[
  {
    "vendor": "modoboa",
    "product": "modoboa/modoboa-installer",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.0.4",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/modoboa/modoboa-installer/commit/63d92b73f3da6971ae4e13d033d625773ac91085

huntr.dev/bounties/64f3ab93-1357-4468-8ff4-52bbcec18cca

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

38.5%

JSON

Related for CVE-2023-0860