CNNVD-202509-4077 Information
CNNVD ID
CNNVD-202509-4077
Related CVE
- CNNVD Published: 2025-09-26
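Description (translated from Chinese)
Flag Forge is an easy-to-use open source CTF platform from FlagForge. Flag Forge versions from 2.0.0 up to, but not including, 2.3.1 contain a security vulnerability: the public endpoint /api/user/[username] returns users' email addresses, which may lead to information disclosure.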
Description (English)
Flag Forge is an easy-to-use CTF platform, open-sourced by FlagForge. Flag Forge versions 2.0.0 to before 2.3.1 have a security vulnerability that stems from the public endpoint /api/user/[username] returning the user's e-mail address, which may lead to information disclosure.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
FlagForge
Published
2025-09-26
Last Modified
2026-02-24
References
https://github.com/FlagForgeCTF/flagForge/commit/1b033f1b6e20fbf6df422d5d1afc9b2347528ace
https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-qqjv-8r5p-7xpj
https://github.com/FlagForgeCTF/flagForge/compare/v2.3.1…v2.3.2
https://github.com/FlagForgeCTF/flagForge/releases/tag/v2.3.1
https://access.redhat.com/security/cve/cve-2025-59843
Patch
https://github.com/FlagForgeCTF/flagForge/releases