CNNVD-202510-776 Information
CNNVD ID
CNNVD-202510-776
Related CVE
- CNNVD Published: 2025-10-06
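Description (translated from Chinese)
Flag Forge is an easy-to-use open-source CTF platform from FlagForge. Flag Forge versions from 2.0.0 up to, but not including, 2.3.2 contain an access control error vulnerability. It stems from missing authentication and authorization checks on the /api/admin/badge-templates and /api/admin/badge-templates/create endpoints, and may lead to data disclosure and database pollution.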
Description (English)
Flag Forge is an easy-to-use open-source CTF platform from FlagForge. An access control error vulnerability exists in Flag Forge from version 2.0.0 to versions before 2.3.2. It results from the lack of authentication and authorization checks on the /api/admin/badge-templates and /api/admin/badge-templates/create endpoints, which could lead to data leakage and database contamination.
Hazard Level
Low
Vulnerability Type
Access control error
Affected Vendor
FlagForge
Published
2025-10-06
Last Modified
2026-02-24
References
https://github.com/FlagForgeCTF/flagForge/commit/e2121c5fb7a512a49dcd875812c944265fb1a846
https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-26rx-c53q-rjf9
Patch
https://github.com/FlagForgeCTF/flagForge/releases