4 matches found

Vulnrichment
added 2025/09/27 12:51 a.m., 6 views

CVE-2025-59932 FlagForgeCTF Unauthenticated Resource Modification/Deletion

Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...

CVSS 8.6, AI score 6.5, EPSS 0.00346
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 6:24 a.m., 8 views

CVE-2024-42056

Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...

CVSS 6.5, AI score 6.6, EPSS 0.00212
Exploits: 0, References: 1

NVD
added 2024/08/22 1:15 a.m., 14 views

CVE-2024-42056

Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...

CVSS 6.5, EPSS 0.00212
Exploits: 0, References: 2

CVE
added 2024/08/22 12:0 a.m., 91 views

CVE-2024-42056

Retool (self-hosted Enterprise) is affected through versions 3.18.1–3.40.0. The issue arises from inserting resource authentication credentials into sent data, enabling an authenticated attacker with low-privilege permissions (Use) to discover credentials via the /api/resources endpoint. Impact i...

CVSS 6.5, AI score 7.3, EPSS 0.00212
Exploits: 0, References: 2, Affected Software: 1