admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 17:51:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-152xx/CVE-2020-15235.json

149 lines
4.5 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2020-15235",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-10-05T16:15:12.237",
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"lastModified": "2024-11-21T05:05:09.330",
"vulnStatus": "Modified",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"cveTags": [],
bootstrap
2023-04-24 12:24:31 +02:00
"descriptions": [
{
"lang": "en",
"value": "In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched."
},
{
"lang": "es",
"value": "En RACTF versiones anteriores al commit f3dc89b, los usuarios no autenticados pueden ser capaces de obtener el valor de las claves de configuraci\u00f3n confidenciales que normalmente estar\u00edan ocultas para todos excepto para los administradores. Todas las versiones posteriores a la confirmaci\u00f3n f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (10/3/20) est\u00e1n parcheadas"
}
],
"metrics": {
"cvssMetricV31": [
{
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"source": "security-advisories@github.com",
"type": "Secondary",
bootstrap
2023-04-24 12:24:31 +02:00
"cvssData": {
"version": "3.1",
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
bootstrap
2023-04-24 12:24:31 +02:00
"attackVector": "NETWORK",
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"attackComplexity": "HIGH",
bootstrap
2023-04-24 12:24:31 +02:00
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"availabilityImpact": "NONE"
bootstrap
2023-04-24 12:24:31 +02:00
},
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"exploitabilityScore": 2.2,
bootstrap
2023-04-24 12:24:31 +02:00
"impactScore": 3.6
},
{
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"source": "nvd@nist.gov",
"type": "Primary",
bootstrap
2023-04-24 12:24:31 +02:00
"cvssData": {
"version": "3.1",
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
bootstrap
2023-04-24 12:24:31 +02:00
"attackVector": "NETWORK",
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"attackComplexity": "LOW",
bootstrap
2023-04-24 12:24:31 +02:00
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"availabilityImpact": "NONE"
bootstrap
2023-04-24 12:24:31 +02:00
},
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"exploitabilityScore": 3.9,
bootstrap
2023-04-24 12:24:31 +02:00
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"baseScore": 5.0,
bootstrap
2023-04-24 12:24:31 +02:00
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
"availabilityImpact": "NONE"
bootstrap
2023-04-24 12:24:31 +02:00
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00
"type": "Primary",
bootstrap
2023-04-24 12:24:31 +02:00
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ractf:core:*:*:*:*:*:*:*:*",
"versionEndIncluding": "41edf92",
"matchCriteriaId": "89D2540B-5B14-4984-B6F1-D43546474CEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ractf/core/commit/f3dc89b9f6ab1544a289b3efc06699b13d63e0bd",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/ractf/core/security/advisories/GHSA-ph67-c355-52vm",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
Auto-Update: 2024-11-23T13:07:37.766281+00:00
2024-11-23 13:10:58 +00:00
},
{
"url": "https://github.com/ractf/core/commit/f3dc89b9f6ab1544a289b3efc06699b13d63e0bd",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/ractf/core/security/advisories/GHSA-ph67-c355-52vm",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
bootstrap
2023-04-24 12:24:31 +02:00
}
]
}
Reference in New Issue Copy Permalink