CNNVD-202602-989 Information

CNNVD ID

CNNVD-202602-989

CVE-2025-70963

  • CNNVD Published: 2026-02-06

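Description (translated from Chinese)

GoPhish is an open-source phishing framework from the GoPhish project. Gophish 0.12.1 and earlier versions contain a security vulnerability that stems from improper access control: on every login, the administration panel directly exposes the user's long-lived API key in the HTML or JavaScript rendered into the page, which may allow any script running in the browser environment to obtain a permanent API credential.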

Description (English)

GoPhish is an open-source phishing framework developed by GoPhish. Gophish 0.12.1 and earlier versions contain a security vulnerability caused by improper access control: the admin panel directly exposes the user's long-lived API key in the rendered HTML or JavaScript at each login, which may allow any script running in the browser environment to obtain permanent API credentials.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

GoPhish

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/gophish/gophish/issues/9366
