x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2020-24711

[tatianab]

CVE-2020-24711 references github.com/gophish/gophish, which may be a Go module.

Description:
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-24711
• fix: gophish/gophish@6df62e8
• web: https://herolab.usd.de/security-advisories/usd-2020-0051/
• web: https://github.com/gophish/gophish/releases/tag/v0.11.0
• Imported by: https://pkg.go.dev/github.com/gophish/gophish?tab=importedby

Cross references:

• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2022-25295 #987 NOT_IMPORTABLE
• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2022-45003 #1665 NOT_IMPORTABLE
• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2022-45004 #1666 NOT_IMPORTABLE
• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-9h9f-9q8g-6764 #1936 NOT_IMPORTABLE
• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-9c9w-9pq7-f35h #1982 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/gophish/gophish
      vulnerable_at: 0.12.1
      packages:
        - package: n/a
cves:
    - CVE-2020-24711
references:
    - fix: https://github.com/gophish/gophish/commit/6df62e85fd60f0931d3c8bfdb13b436a961bc9b6
    - web: https://herolab.usd.de/security-advisories/usd-2020-0051/
    - web: https://github.com/gophish/gophish/releases/tag/v0.11.0

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports