CVE Vulnerability

CVE-2020-15235

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/ractf/core/commit/f3dc89b9f6ab1544a289b3efc06699b13d63e0bd Patch Vendor Advisory
https://github.com/ractf/core/security/advisories/GHSA-ph67-c355-52vm Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:ractf:core:*:*:*:*:*:*:*:*
Information

Published : 2020-10-05 04:15

Updated : 2020-10-19 06:53

NVD link : CVE-2020-15235

Mitre link : CVE-2020-15235

Products Affected
No products.
CWE
CWE-200