exploitDog

CVE-2020-24711

Опубликовано: 28 окт. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack

Ссылки

https://github.com/gophish/gophish/commit/6df62e85fd60f0931d3c8bfdb13b436a961bc9b6
Patch
Third Party Advisory
https://github.com/gophish/gophish/releases/tag/v0.11.0
Third Party Advisory
https://herolab.usd.de/security-advisories/usd-2020-0051/
Exploit
Third Party Advisory
https://github.com/gophish/gophish/commit/6df62e85fd60f0931d3c8bfdb13b436a961bc9b6
Patch
Third Party Advisory
https://github.com/gophish/gophish/releases/tag/v0.11.0
Third Party Advisory
https://herolab.usd.de/security-advisories/usd-2020-0051/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:getgophish:gophish:*:*:*:*:*:*:*:*

Версия до 0.11.0 (исключая)

EPSS

Процентиль: 65%

0.00486

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-1021

EPSS

Процентиль: 65%

0.00486

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-1021