CVE-2020-15235 Information
Feb 14, 2021
cve
Description
In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden from everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://github.com/ractf/core/commit/f3dc89b9f6ab1544a289b3efc06699b13d63e0bd
https://github.com/ractf/core/security/advisories/GHSA-ph67-c355-52vm
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
7.5
Base Severity
HIGH