Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege escalation and impersonation of administrative roles. This issue has been patched in version 2.2.0.
The endpoint /api/admin/assign-badge intended for administrative badge assignment does not implement proper access control (CWE-862 — Missing Authorization). Any authenticated user can send a request to this endpoint and independently assign themselves a high-privilege badge, such as Staff. No administrative role or additional server-side identity verification is required.
An attacker with any user account can obtain administrative privileges (privilege escalation) and impersonate a Staff role or other privileged role on the platform, which could lead to complete takeover of the CTF system.
Flag Forge should be updated to version 2.2.0, in which the vulnerability was patched by the vendor.
Flag Forge version 2.1.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFlagforge
APPFlagforge2.1.0
Related vulnerabilities
Flagforge: brak uwierzytelnienia w endpointach szablonów odznak
FlagForge: nieprawidłowe unieważnianie sesji po wylogowaniu
Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of ...
Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpo...
Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET ...