Lucene search

@huntrdevCVELIST:CVE-2023-0860

HistoryFeb 16, 2023 - 12:00 a.m.

CVE-2023-0860 Improper Restriction of Excessive Authentication Attempts in modoboa/modoboa-installer

2023-02-1600:00:00

CWE-307

@huntrdev

www.cve.org

cve-2023-0860

github repository

modoboa-installer

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

38.5%

JSON

Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.

CNA Affected

[
  {
    "vendor": "modoboa",
    "product": "modoboa/modoboa-installer",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.0.4",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/modoboa/modoboa-installer/commit/63d92b73f3da6971ae4e13d033d625773ac91085

huntr.dev/bounties/64f3ab93-1357-4468-8ff4-52bbcec18cca

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

38.5%

JSON

Related for CVELIST:CVE-2023-0860