
2 vulnerabilities by ractf

CVE-2021-21329 (GCVE-0-2021-21329)

Vulnerability from cvelistv5 – Published: 2021-03-08 17:15 – Updated: 2024-08-03 18:09
Title
Multi Factor Authentication Token Improperly Validated On User Login
Summary
RACTF is an open-source framework for hosting cyber-security Capture the Flag events. In affected versions of RACTF, users with multi-factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b (full hash cebb67bd16a8296121201805332365ffccb29638).
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Vendor Product Version
ractf core Affected: >c57a4d186bfc586ad3edfe4dcba9f11efbf22f09, < cebb67bd16a8296121201805332365ffccb29638

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:09:15.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ractf/core/security/advisories/GHSA-fw57-f7mq-9q85"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ractf/core/commit/c57a4d186bfc586ad3edfe4dcba9f11efbf22f09#diff-60c444c47c061306f2dff5bf97c07810f40f949a8e94ecbb609b6b29364c8642R130-R152"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ractf/core/commit/cebb67bd16a8296121201805332365ffccb29638"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "core",
          "vendor": "ractf",
          "versions": [
            {
              "status": "affected",
              "version": "\u003ec57a4d186bfc586ad3edfe4dcba9f11efbf22f09, \u003c cebb67bd16a8296121201805332365ffccb29638"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-08T17:15:16.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ractf/core/security/advisories/GHSA-fw57-f7mq-9q85"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ractf/core/commit/c57a4d186bfc586ad3edfe4dcba9f11efbf22f09#diff-60c444c47c061306f2dff5bf97c07810f40f949a8e94ecbb609b6b29364c8642R130-R152"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ractf/core/commit/cebb67bd16a8296121201805332365ffccb29638"
        }
      ],
      "source": {
        "advisory": "GHSA-fw57-f7mq-9q85",
        "discovery": "UNKNOWN"
      },
      "title": "Multi Factor Authentication Token Improperly Validated On User Login",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-21329",
          "STATE": "PUBLIC",
          "TITLE": "Multi Factor Authentication Token Improperly Validated On User Login"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003ec57a4d186bfc586ad3edfe4dcba9f11efbf22f09, \u003c cebb67bd16a8296121201805332365ffccb29638"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ractf"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287 Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ractf/core/security/advisories/GHSA-fw57-f7mq-9q85",
              "refsource": "CONFIRM",
              "url": "https://github.com/ractf/core/security/advisories/GHSA-fw57-f7mq-9q85"
            },
            {
              "name": "https://github.com/ractf/core/commit/c57a4d186bfc586ad3edfe4dcba9f11efbf22f09#diff-60c444c47c061306f2dff5bf97c07810f40f949a8e94ecbb609b6b29364c8642R130-R152",
              "refsource": "MISC",
              "url": "https://github.com/ractf/core/commit/c57a4d186bfc586ad3edfe4dcba9f11efbf22f09#diff-60c444c47c061306f2dff5bf97c07810f40f949a8e94ecbb609b6b29364c8642R130-R152"
            },
            {
              "name": "https://github.com/ractf/core/commit/cebb67bd16a8296121201805332365ffccb29638",
              "refsource": "MISC",
              "url": "https://github.com/ractf/core/commit/cebb67bd16a8296121201805332365ffccb29638"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-fw57-f7mq-9q85",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-21329",
    "datePublished": "2021-03-08T17:15:16.000Z",
    "dateReserved": "2020-12-22T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:09:15.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15235 (GCVE-0-2020-15235)

Vulnerability from cvelistv5 – Published: 2020-10-05 15:15 – Updated: 2024-08-04 13:08
Title
Sensitive data exposure in RACTF
Summary
In RACTF before commit f3dc89b, unauthenticated users are able to read the values of sensitive config keys that would normally be hidden from everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
ractf core Affected: < f3dc89b

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:23.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ractf/core/security/advisories/GHSA-ph67-c355-52vm"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ractf/core/commit/f3dc89b9f6ab1544a289b3efc06699b13d63e0bd"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "core",
          "vendor": "ractf",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c f3dc89b"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "{\"CWE-200\":\"Exposure of Sensitive Information to an Unauthorized Actor\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-05T15:15:13.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ractf/core/security/advisories/GHSA-ph67-c355-52vm"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ractf/core/commit/f3dc89b9f6ab1544a289b3efc06699b13d63e0bd"
        }
      ],
      "source": {
        "advisory": "GHSA-ph67-c355-52vm",
        "discovery": "UNKNOWN"
      },
      "title": "Sensitive data exposure in RACTF",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15235",
          "STATE": "PUBLIC",
          "TITLE": "Sensitive data exposure in RACTF"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c f3dc89b"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ractf"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-200\":\"Exposure of Sensitive Information to an Unauthorized Actor\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ractf/core/security/advisories/GHSA-ph67-c355-52vm",
              "refsource": "CONFIRM",
              "url": "https://github.com/ractf/core/security/advisories/GHSA-ph67-c355-52vm"
            },
            {
              "name": "https://github.com/ractf/core/commit/f3dc89b9f6ab1544a289b3efc06699b13d63e0bd",
              "refsource": "MISC",
              "url": "https://github.com/ractf/core/commit/f3dc89b9f6ab1544a289b3efc06699b13d63e0bd"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-ph67-c355-52vm",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15235",
    "datePublished": "2020-10-05T15:15:13.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:23.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}