VYPR
Unrated severityNVD Advisory· Published Oct 5, 2020· Updated Aug 4, 2024

Sensitive data exposure in RACTF

CVE-2020-15235

Description

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched.

Affected products

2
  • Alloy Rs/Corellm-fuzzy
    Range: < commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd
  • ractf/corev5
    Range: < f3dc89b

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.