Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:LFlagforge
APPFlagforge2.0 – 2.3.1 (bez)
Powiązane podatności
Flagforge: brak uwierzytelnienia w endpointach szablonów odznak
FlagForge: nieprawidłowe unieważnianie sesji po wylogowaniu
Brak kontroli dostępu w Flag Forge — privilege escalation przez endpoint przypisywania odznak
Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of ...
Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET ...