Primary

Context

Gowabby HFish Improper Authentication Vulnerability in LoadUrl Function

Vulnerability

A critical permission bypass vulnerability has been identified in Gowabby HFish version 0.1. The issue arises in the LoadUrl function within the file view/url.go, where the authentication process is not properly implemented. This flaw allows remote attackers to bypass authentication requirements. The vulnerability has been publicly disclosed and is available for exploitation.

Impact

Exploitation of this vulnerability allows for unauthorized access to functionalities or areas of the application that require authentication, potentially leading to further actions or access within the application.

Reproduction

To reproduce this vulnerability, send a GET request to the /dashboard endpoint. Include a Cookie header with is_login set to admin. The absence of proper authentication will allow access to the dashboard, bypassing normal login requirements.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.0

exploitability

6.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.0

exploitability

6.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Gowabby HFish Improper Authentication Vulnerability in LoadUrl Function

Vulnerability

Impact

Reproduction

Affected Products

Gowabby HFish

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating