Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ydjgzLWg2OHEtYzR3cc4ABCoq
GoPhish sends cleartext passwords
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.
Permalink: https://github.com/advisories/GHSA-rv83-h68q-c4wq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ydjgzLWg2OHEtYzR3cc4ABCoq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 20 days ago
Updated: 6 days ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Percentage: 0.00043
EPSS Percentile: 0.10892
Identifiers: GHSA-rv83-h68q-c4wq, CVE-2024-55196
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-55196
- https://github.com/hexkaster/SecurityResearch/blob/main/CVE-2024-55196.md
- https://github.com/advisories/GHSA-rv83-h68q-c4wq
Blast Radius: 9.0
Affected Packages
go:github.com/gophish/gophish
Dependent packages: 17
Dependent repositories: 16
Downloads:
Affected Version Ranges: <= 0.12.1
No known fixed version
All affected versions: 0.1.1, 0.1.2, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.10.0, 0.10.1, 0.11.0, 0.12.0, 0.12.1