3 matches found
CVE-2025-70963
Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...
GHSA-9F8M-9547-2GQM Gophish is vulnerable to Incorrect Access Control
Gophish = 0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...
CVE-2025-70963
Summary: CVE-2025-70963 affects Gophish prior to 0.12.1. The admin dashboard exposes each user’s long‑lived API key directly in the rendered HTML/JavaScript on login, enabling access to permanent API credentials from browser scripts. This is an Incorrect Access Control vulnerability with HIGH imp...