Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FlagForgeCTF's Improper Session Handling Allows Access After Logout
Vulnerability Description
Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still valid post-logout, which can allow unauthorized actions. This issue has been patched in version 2.3.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
会话固定
Vulnerability Title
Flag Forge 代码问题漏洞
Vulnerability Description
Flag Forge是FlagForge开源的一个易于使用的CTF平台。 Flag Forge 2.2.0版本至2.3.1之前版本存在代码问题漏洞,该漏洞源于会话失效处理不当,可能导致未经授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A