x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-rv83-h68q-c4wq #3361

GoVulnBot · 2025-01-02T22:01:17Z

Advisory GHSA-rv83-h68q-c4wq references a vulnerability in the following Go modules:

Module
github.com/gophish/gophish

Description:
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.

References:

ADVISORY: GHSA-rv83-h68q-c4wq
ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-55196
WEB: https://github.com/hexkaster/SecurityResearch/blob/main/CVE-2024-55196.md

Cross references:

github.com/gophish/gophish appears in 8 other report(s):
- data/excluded/GO-2023-1665.yaml (x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2022-45003 #1665) NOT_IMPORTABLE
- data/excluded/GO-2023-1666.yaml (x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2022-45004 #1666) NOT_IMPORTABLE
- data/excluded/GO-2023-2288.yaml (x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2020-24707 #2288) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2289.yaml (x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2020-24711 #2289) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2290.yaml (x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2020-24712 #2290) LEGACY_FALSE_POSITIVE
- data/reports/GO-2022-0987.yaml (x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2022-25295 #987)
- data/reports/GO-2023-1936.yaml (x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-9h9f-9q8g-6764 #1936)
- data/reports/GO-2023-1982.yaml (x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-9c9w-9pq7-f35h #1982)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/gophish/gophish
      vulnerable_at: 0.12.1
summary: GoPhish sends cleartext passwords in github.com/gophish/gophish
cves:
    - CVE-2024-55196
ghsas:
    - GHSA-rv83-h68q-c4wq
references:
    - advisory: https://github.com/advisories/GHSA-rv83-h68q-c4wq
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-55196
    - web: https://github.com/hexkaster/SecurityResearch/blob/main/CVE-2024-55196.md
source:
    id: GHSA-rv83-h68q-c4wq
    created: 2025-01-02T22:01:17.574083711Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2025-01-07T01:12:35Z

Change https://go.dev/cl/640916 mentions this issue: data/reports: add 10 unreviewed reports

GoVulnBot added the NeedsTriage label Jan 2, 2025

tatianab added triaged and removed NeedsTriage labels Jan 7, 2025

gopherbot closed this as completed in 4ab2b0a Jan 7, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-rv83-h68q-c4wq #3361

x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-rv83-h68q-c4wq #3361

GoVulnBot commented Jan 2, 2025

gopherbot commented Jan 7, 2025

x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-rv83-h68q-c4wq #3361

x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-rv83-h68q-c4wq #3361

Comments

GoVulnBot commented Jan 2, 2025

gopherbot commented Jan 7, 2025