PT-2023-18388 · Modoboa · Modoboa

Published: 2023-04-21 · Updated: 2023-05-11 · CVE-2023-2227

CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions
modoboa/modoboa versions prior to 2.1.0

Description
The issue is an improper authorization flaw in the modoboa/modoboa GitHub repository. An unauthenticated GET request to the endpoint "/api/v2/parameters/core/" returns sensitive information: the endpoint does not require any authentication or authorization, so anyone who can reach the API can read this data without credentials.

Recommendations
Update to version 2.1.0 or later, which resolves the issue. If you cannot update immediately, restrict access to "/api/v2/parameters/core/" as a temporary workaround (for example at the reverse proxy, allowing only trusted administrator addresses) until the update is applied. After updating or applying the workaround, verify that an unauthenticated request to the endpoint is rejected rather than answered with the parameter data.
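The following check is an added example for this advisory, not code from the page or from the Modoboa project. It sends one unauthenticated GET to the endpoint named above and classifies the answer, so an operator can confirm exposure before updating and confirm the fix or the workaround afterwards. Assumptions: the instance base URL is supplied by the operator, and a fixed (2.1.0 or later) or proxy-restricted instance answers an anonymous request with 401, 403 or 404; the sample responses in the block are constructed, not captured from a real server.

```python
"""Unauthenticated probe for the Modoboa /api/v2/parameters/core/ endpoint.

Added example for this advisory; not Modoboa's own code. Assumptions:
- the base URL of the Modoboa instance is supplied by the operator;
- a fixed (>= 2.1.0) instance, or one behind an access-restricting
  reverse proxy, answers an anonymous GET with 401, 403 or 404.
"""
import json
import sys
import urllib.error
import urllib.request

# Endpoint path named in the advisory.
VULNERABLE_PATH = "/api/v2/parameters/core/"


def classify(status, content_type, body):
    """Classify one unauthenticated response to the endpoint.

    Returns:
      "exposed"    - HTTP 200 with a non-empty JSON body, i.e. the parameter
                     data was handed out without credentials (vulnerable)
      "protected"  - 401/403 (authentication enforced) or 404 (endpoint
                     blocked or absent), i.e. the update or workaround holds
      "unexpected" - anything else (login page after a redirect, HTML error
                     page, empty or non-JSON body); inspect manually
    """
    if status == 200 and "json" in content_type.lower():
        try:
            data = json.loads(body)
        except ValueError:
            return "unexpected"
        return "exposed" if data else "unexpected"
    if status in (401, 403, 404):
        return "protected"
    return "unexpected"


def probe(base_url, timeout=10):
    """Send a single GET with no cookies or tokens; return (status, content_type, body)."""
    url = base_url.rstrip("/") + VULNERABLE_PATH
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read()
    except urllib.error.HTTPError as err:
        # 4xx/5xx are raised as exceptions but still carry the response.
        return err.code, err.headers.get("Content-Type", ""), err.read()


def check(base_url):
    """Probe a live instance and return its classification."""
    return classify(*probe(base_url))


# Constructed responses (not captured from a real instance) showing what each
# verdict looks like; used by the offline self-check below.
CONSTRUCTED_RESPONSES = {
    "unpatched": (200, "application/json",
                  b'[{"name": "core", "params": {"site_name": "mail.example"}}]'),
    "patched": (403, "application/json",
                b'{"detail": "Authentication credentials were not provided."}'),
    "proxy_blocked": (403, "text/html", b"<html>403 Forbidden</html>"),
    "empty_body": (200, "application/json", b"[]"),
}


def self_check():
    """Classify the constructed responses; returns {label: verdict}."""
    return {label: classify(*resp) for label, resp in CONSTRUCTED_RESPONSES.items()}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(f"usage: {sys.argv[0]} https://mail.example.org", file=sys.stderr)
        sys.exit(2)
    verdict = check(sys.argv[1])
    print(f"{VULNERABLE_PATH}: {verdict}")
    # Non-zero exit when the parameters are readable anonymously, for CI or monitoring.
    sys.exit(1 if verdict == "exposed" else 0)
```

Run it as `python3 check_modoboa_params.py https://mail.example.org` (hypothetical file and host names). Because urllib follows redirects, an instance that sends anonymous callers to a login page ends up as a 200 HTML answer and is reported as "unexpected" rather than "protected"; confirm such cases by hand. The exit code makes the probe usable as a post-update gate in deployment pipelines.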

Exploit

Fix

Weakness Enumeration

Improper Authorization

Related Identifiers

CVE-2023-2227
GHSA-67MG-GM8M-PH5R
PYSEC-2023-35

Affected Products

Modoboa