Vulnerability Details : CVE-2020-24711
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack
Vulnerability category: Denial of service
Products affected by CVE-2020-24711
- cpe:2.3:a:getgophish:gophish:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-24711
- 0.16%: probability of exploitation activity in the next 30 days
- ~53%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-24711
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2020-24711
- The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Assigned by: nvd@nist.gov (Primary)
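The weakness above is mitigated on the server side by telling browsers not to render the page inside a cross-origin frame. The referenced fix commit describes adding a Content-Security-Policy for this purpose; the code below is an added illustration written for this page, not Gophish's own middleware, and the handler, middleware name and exact header values (`frame-ancestors 'none'` plus the legacy `X-Frame-Options: DENY` fallback) are assumptions. It wraps a placeholder settings page, serves it with and without the protection, and includes a small checker that parses the CSP for a `frame-ancestors` directive so the presence of the mitigation can be verified in a test.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Header values used by the example middleware (assumed for this example,
// not taken from the Gophish patch).
const (
	cspFrameAncestors = "frame-ancestors 'none'"
	xFrameOptions     = "DENY"
)

// NoFramingMiddleware adds the two anti-framing headers to every response.
// CSP frame-ancestors is honoured by current browsers and takes precedence;
// X-Frame-Options is kept as a fallback for older ones.
func NoFramingMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("Content-Security-Policy", cspFrameAncestors)
		h.Set("X-Frame-Options", xFrameOptions)
		next.ServeHTTP(w, r)
	})
}

// settingsHandler is a placeholder for a page carrying a state-changing
// control such as a reset button; it is not the real Gophish handler.
func settingsHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	fmt.Fprint(w, `<form method="POST" action="/settings/reset"><button>Reset</button></form>`)
}

// FrameProtectionHeaders serves one GET through the given handler in-memory
// and returns the CSP and X-Frame-Options header values of the response.
func FrameProtectionHeaders(h http.Handler, path string) (csp, xfo string) {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, path, nil)
	h.ServeHTTP(rec, req)
	return rec.Header().Get("Content-Security-Policy"), rec.Header().Get("X-Frame-Options")
}

// FrameAncestorsDirective parses a CSP header value and returns the source
// list of its frame-ancestors directive, if present.
func FrameAncestorsDirective(csp string) (sources string, found bool) {
	for _, directive := range strings.Split(csp, ";") {
		fields := strings.Fields(directive)
		if len(fields) > 0 && strings.EqualFold(fields[0], "frame-ancestors") {
			return strings.Join(fields[1:], " "), true
		}
	}
	return "", false
}

// AllowsCrossOriginFraming reports whether a response carries neither a
// frame-ancestors directive nor an X-Frame-Options header, i.e. whether a
// browser would embed it in a frame on another origin.
func AllowsCrossOriginFraming(csp, xfo string) bool {
	if _, ok := FrameAncestorsDirective(csp); ok {
		return false
	}
	return strings.TrimSpace(xfo) == ""
}

func main() {
	unprotected := http.HandlerFunc(settingsHandler)
	protected := NoFramingMiddleware(unprotected)
	for name, h := range map[string]http.Handler{"unprotected": unprotected, "protected": protected} {
		csp, xfo := FrameProtectionHeaders(h, "/settings")
		fmt.Printf("%-12s CSP=%q X-Frame-Options=%q framable=%v\n",
			name, csp, xfo, AllowsCrossOriginFraming(csp, xfo))
	}
}
```

The check function is deliberately header-based rather than behavioural: a scanner or regression test can assert on it without a browser, which is how a team would keep a fix like the referenced one from silently regressing.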
References for CVE-2020-24711
- https://github.com/gophish/gophish/releases/tag/v0.11.0 (Release Gophish v0.11.0 · gophish/gophish · GitHub) [Third Party Advisory]
- https://github.com/gophish/gophish/commit/6df62e85fd60f0931d3c8bfdb13b436a961bc9b6 (Added a simple Content-Security-Policy to mitigate clickjacking attem… · gophish/gophish@6df62e8 · GitHub) [Patch; Third Party Advisory]
- https://herolab.usd.de/security-advisories/usd-2020-0051/ (usd-2020-0051 | usd Herolab) [Exploit; Third Party Advisory]