Unauthenticated Access to Sensitive Config Keys in RACTF (Pre-Commit f3dc89b)

Unauthenticated Access to Sensitive Config Keys in RACTF (Pre-Commit f3dc89b)

CVE-2020-15235 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched.

Learn more about our User Device Pen Test.