FlagForgeCTF is Missing Authorization in main-v2

Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege escalation and impersonation of administrative roles. This issue has been patched in version 2.2.0.

N/A

授权机制缺失

Flag Forge 安全漏洞

Flag Forge是FlagForge开源的一个易于使用的CTF平台。 Flag Forge 2.1.0版本存在安全漏洞，该漏洞源于/api/admin/assign-badge端点缺少适当的访问控制，可能导致权限提升和管理员角色冒充。

N/A

N/A