CVE-2023-2227
CVE-2023-2227: Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
Published: 2023-04-21
Priority: P2 · 71 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploit: public PoC indexed (see the Nuclei template below)
EPSS: 43.76% (98.6th percentile)
Description: Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modoboa | modoboa | < 2.1.0 | 2.1.0 |
| modoboa | modoboa | >= 0 < 2.1.0 | 2.1.0 |
| modoboa | modoboa | >= 0 < 7bcd3f6eb264d4e3e01071c97c2bac51cdd6fe97 | 7bcd3f6eb264d4e3e01071c97c2bac51cdd6fe97 |
| modoboa | modoboa_modoboa | >= unspecified < 2.1.0 | 2.1.0 |
Detection & IOCs (extracted from the sources listed below)
- An unauthenticated GET request to /api/v2/parameters/core/ that returns HTTP 200 with a JSON body containing `label":`, `default_password":` and `authentication_type":"local` indicates the improper-authorization flaw is exploitable on that host.
- The response body must contain all three strings at once (`label":`, `default_password":`, `authentication_type":"local`); requiring all three is what keeps the check from firing on unrelated JSON endpoints.
- The response Content-Type header must be `application/json`. This narrows the match to the REST API itself; an HTML login page or redirect served at the same path will not satisfy it. The JSON type on its own does not prove the endpoint is unprotected, so it is combined with the status and body conditions above.
- Shodan/FOFA fingerprinting: exposed Modoboa instances can be identified via favicon hash 1949005079 or an HTML body containing the strings `modoboa` / `Modoboa`.
- Only Modoboa versions prior to 2.1.0 are affected; instances running 2.1.0 or later enforce authorization on the parameters API endpoint.
- The request is unauthenticated (PR:N) and needs no credentials, so any Internet-exposed Modoboa instance below 2.1.0 can be checked, and exploited, with a single GET.
CVSS provenance
NVD · CVSS v3.1 · 9.1 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
NVD · CVSS v3.0 · 9.1 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
GHSA
Improper Authorization in modoboa
ghsa · 2023-04-21 · CVE-2023-2227 [CRITICAL] · CWE-285 Improper Authorization
In modoboa prior to 2.1.0, sending a GET request to the endpoint `/api/v2/parameters/core/` returns sensitive information without any authentication or authorization.
OSV
CVE-2023-2227: Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0
osv · 2023-04-21
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
OSV
Improper Authorization in modoboa
osv · 2023-04-21 · CVE-2023-2227 [CRITICAL]
In modoboa prior to 2.1.0, sending a GET request to the endpoint `/api/v2/parameters/core/` returns sensitive information without any authentication or authorization.
No detection rules found.
Nuclei
Modoboa < 2.1.0 - Improper Authorization
nuclei · CVSS 9.1 · CVE-2023-2227 [CRITICAL]
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
Template:
id: CVE-2023-2227

info:
  name: Modoboa < 2.1.0 - Improper Authorization
  author: ritikchaddha,princechaddha
  severity: critical
  description: |
    Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
  impact: |
    Unauthenticated attackers can access sensitive configuration parameters including default passwords and authentication settings through the API endpoint, potentially compromising the entire email management system.
  remediation: |
    Update Modoboa to version 2.1.0 or later that implements proper authorization checks for the parameters API endpoint.
  reference:
    - https://huntr.com/bounties/351f9055-2008-4af0-b820-01ff66678bf3
    - https://github.c
No writeups or analysis indexed.
Published: 2023-04-21