CVE-2021-21329

Опубликовано: 08 мар. 2021

Источник: nvd

CVSS3: 8.7

CVSS3: 9.8

CVSS2: 6.8

EPSS Низкий

Описание

RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b.

Ссылки

https://github.com/ractf/core/commit/c57a4d186bfc586ad3edfe4dcba9f11efbf22f09#diff-60c444c47c061306f2dff5bf97c07810f40f949a8e94ecbb609b6b29364c8642R130-R152
Patch
Third Party Advisory
https://github.com/ractf/core/commit/cebb67bd16a8296121201805332365ffccb29638
Patch
Third Party Advisory
https://github.com/ractf/core/security/advisories/GHSA-fw57-f7mq-9q85
Patch
Third Party Advisory
https://github.com/ractf/core/commit/c57a4d186bfc586ad3edfe4dcba9f11efbf22f09#diff-60c444c47c061306f2dff5bf97c07810f40f949a8e94ecbb609b6b29364c8642R130-R152
Patch
Third Party Advisory
https://github.com/ractf/core/commit/cebb67bd16a8296121201805332365ffccb29638
Patch
Third Party Advisory
https://github.com/ractf/core/security/advisories/GHSA-fw57-f7mq-9q85
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ratcf:ratcf:*:*:*:*:*:*:*:*

Версия до 2021-02-26 (исключая)

EPSS

Процентиль: 54%

0.00315

Низкий

8.7 High

CVSS3

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-287

EPSS

Процентиль: 54%

0.00315

Низкий

8.7 High

CVSS3

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-287