9 matches found
CVE-2025-61777
Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...
CVE-2025-61777
Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...
CVE-2025-61777 FlagForge Allows Unauthenticated Badge Template API Access
Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...
CVE-2025-61777 FlagForge Allows Unauthenticated Badge Template API Access
Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...
EUVD-2025-32560
Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...
CVE-2025-61777 FlagForge Allows Unauthenticated Badge Template API Access
Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...
CVE-2025-61777
Flag Forge (CTF platform) prior to v2.3.2 exposed unauthenticated access via GET /api/admin/badge-templates and POST /api/admin/badge-templates/create, enabling retrieval of all badge templates and sensitive metadata (createdBy, createdAt, updatedAt) and potential creation of templates. Root caus...
PT-2025-40914
Name of the Vulnerable Software and Affected Versions FlagForge versions 2.0.0 through 2.3.2 Description FlagForge, a Capture The Flag CTF platform, had endpoints that did not require authentication or authorization. Specifically, the /api/admin/badge-templates GET and...
Flag Forge 访问控制错误漏洞
Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. An access control error vulnerability exists in Flag Forge versions 2.0.0 through prior to 2.3.2, which stems from a lack of authentication and authorization checks in the /api/admin/badge-templates and...