Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FlagForgeCTF Unauthenticated Resource Modification/Deletion
Vulnerability Description
Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
Flag Forge 访问控制错误漏洞
Vulnerability Description
Flag Forge是FlagForge开源的一个易于使用的CTF平台。 Flag Forge 2.0.0版本至2.3.1之前版本存在访问控制错误漏洞,该漏洞源于/api/resources端点缺少适当的身份验证和授权,可能导致未授权用户创建、修改或删除平台资源。
CVSS Information
N/A
Vulnerability Type
N/A