Flagforge · Flagforge · CVE-2025-61777
**Name of the Vulnerable Software and Affected Versions**
FlagForge versions 2.0.0 through 2.3.2
**Description**
FlagForge, a Capture The Flag (CTF) platform, had endpoints that did not require authentication or authorization. Specifically, the `/api/admin/badge-templates` (GET) and `/api/admin/badge-templates/create` (POST) endpoints allowed unauthorized access. This allowed retrieval of badge templates and sensitive metadata (`createdBy`, `createdAt`, `updatedAt`) and the creation of arbitrary badge templates in the database. This could lead to data exposure and database pollution. The issue affected the badge system.
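The fix class the advisory implies, as an added example that is not FlagForge's own code: a framework-agnostic model of the two affected routes placed behind an explicit admin guard that distinguishes a missing session (401) from a valid non-admin session (403). The session store, template data and request shape are constructed for the example.

```javascript
// Constructed session store standing in for real session validation.
const SESSIONS = new Map([
  ["tok-admin", { user: "alice", role: "admin" }],
  ["tok-player", { user: "bob", role: "player" }],
]);

// In-memory stand-in for the badge-template table, including the metadata
// fields the advisory names as sensitive.
const templates = [
  { id: 1, name: "First Blood", createdBy: "alice",
    createdAt: "2025-01-01T00:00:00Z", updatedAt: "2025-01-01T00:00:00Z" },
];

function sessionFor(req) {
  const auth = req.headers?.authorization ?? "";
  const token = auth.startsWith("Bearer ") ? auth.slice(7) : null;
  return token ? SESSIONS.get(token) ?? null : null;
}

// Guard for every /api/admin/* handler: authentication first, then the
// admin-role check. The vulnerable versions had neither on these routes.
function requireAdmin(handler) {
  return (req) => {
    const session = sessionFor(req);
    if (!session) return { status: 401, body: { error: "authentication required" } };
    if (session.role !== "admin") return { status: 403, body: { error: "admin role required" } };
    return handler(req, session);
  };
}

// GET /api/admin/badge-templates
const listTemplates = requireAdmin(() => ({ status: 200, body: templates }));

// POST /api/admin/badge-templates/create
const createTemplate = requireAdmin((req, session) => {
  const name = typeof req.body?.name === "string" ? req.body.name.trim() : "";
  if (!name) return { status: 400, body: { error: "name is required" } };
  const now = new Date().toISOString();
  const tpl = { id: templates.length + 1, name, createdBy: session.user, createdAt: now, updatedAt: now };
  templates.push(tpl);
  return { status: 201, body: tpl };
});

const routes = {
  "GET /api/admin/badge-templates": listTemplates,
  "POST /api/admin/badge-templates/create": createTemplate,
};

// Minimal dispatcher: a request is { method, path, headers, body }.
function dispatch(req) {
  const handler = routes[`${req.method} ${req.path}`];
  return handler ? handler(req) : { status: 404, body: { error: "not found" } };
}
```

With the guard in place an anonymous GET no longer returns the template list and an anonymous or player-role POST cannot write to the store, which is exactly the exposure and pollution the advisory describes.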
**Recommendations**
Versions prior to 2.3.2 should be updated to version 2.3.2 or later.