CVE-2020-15235 Vulnerability Details

  /     /     /  

CVE-2020-15235 Metadata Quick Info

CVE Published: 05/10/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: GitHub_M | Vendor: ractf | Product: core
Status : PUBLISHED

---

CVE-2020-15235 Description

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched.

Metrics

CVSS Version: 3.1 | Base Score: 5.9 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: {"CWE-200":"Exposure of Sensitive Information to an Unauthorized Actor"}
Source: ractf

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).