CVE-2020-5290 Information

Description

In RedpwnCTF before version 2.3 there is a session fixation vulnerability in exploitable through the token=$ssid hash when making a request to the /verify endpoint. An attacker team could potentially steal flags by for example exploiting a stored XSS payload in a CTF challenge so that victim teams who solve the challenge are unknowingly (and against their will) signed into the attacker team&39;s account. Then the attacker can gain points / value off the backs of the victims. This is patched in version 2.3.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Reference

https://github.com/redpwn/rctf/issues/147 https://github.com/redpwn/rctf/security/advisories/GHSA-p5fh-2vhw-fvpq

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.5