Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sensitive data exposure in RACTF
Vulnerability Description
In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
RACTF 信息泄露漏洞
Vulnerability Description
ractf是英国个人开发者的一个CTF平台。 RACTF f3dc89b之前版本存在安全漏洞,攻击者可利用该漏洞能够获得敏感配置键的值,而这些配置键通常对除了管理员之外的所有人都是隐藏的。
CVSS Information
N/A
Vulnerability Type
N/A