CVE-2024-55196

Aliases:GHSA-rv83-h68q-c4wqGO-2025-3361

Advisory lineage Upstream: 0 Downstream: 2

Downstream

OPENSUSE-SU-2025:14624-1 SUSE-SU-2025:0060-1

Deferred

Published: 19 Dec 2024, 00:00

Last modified:02 Jan 2025, 19:26

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (cve.org)

EPSS Score

0.06% LOW

0% probability +0.02%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Dec 2024, 00:00

Published

Vulnerability first disclosed

02 Jan 2025, 19:26

Last Modified

Vulnerability information updated

Description

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 0.06%• Percentile: 18%

Techniques & Countermeasures

CWE-312•Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Affected Systems

github.com/gophish•gophish
≤ 0.12.1 | all