{"id":"CVE-2020-15235","details":"In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched.","aliases":["GHSA-ph67-c355-52vm"],"modified":"2026-07-08T05:59:45.835536921Z","published":"2020-10-05T16:15:12.237Z","database_specific":{"unresolved_ranges":[{"source":"CPE_RANGE","cpes":["cpe:2.3:a:ractf:core:*:*:*:*:*:*:*:*"],"vendor_product":"ractf:core","extracted_events":[{"last_affected":"41edf92"}]}]},"references":[{"type":"ADVISORY","url":"https://github.com/ractf/core/security/advisories/GHSA-ph67-c355-52vm"},{"type":"FIX","url":"https://github.com/ractf/core/commit/f3dc89b9f6ab1544a289b3efc06699b13d63e0bd"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ractf/core","events":[{"introduced":"0"},{"fixed":"f3dc89b9f6ab1544a289b3efc06699b13d63e0bd"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15235.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}