Headline
GHSA-67mg-gm8m-ph5r: Improper Authorization in modoboa
In modoboa prior to 2.1.0, sending a GET request to the endpoint /api/v2/parameters/core/
returns sensitive information without any authentication or authorization.
Improper Authorization in modoboa
High severity GitHub Reviewed Published Apr 21, 2023 to the GitHub Advisory Database • Updated Apr 24, 2023
Related news
CVE-2023-2227: Added missing permissions on API endpoints · modoboa/modoboa@7bcd3f6
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.