Описание
Gophish is vulnerable to Incorrect Access Control
Gophish <= 0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context.
Пакеты
Наименование
github.com/gophish/gophish
go
Затронутые версииВерсия исправления
<= 0.12.1
Отсутствует