At0Mxploit

#17387 of 53,622
15.5 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2025-39700 · CVSS 8.6 · 2025-09-27
Flagforge · Flagforge · CVE-2025-59932
**Name of the Vulnerable Software and Affected Versions**
Flag Forge versions 2.0.0 through 2.3.0

**Description**
The Flag Forge platform contained a security issue where the `/api/resources` API endpoint permitted POST and DELETE requests without appropriate authentication or authorization. This allowed unauthorized users to create, modify, or delete resources.

**Recommendations**
Upgrade to version 2.3.1 to address the issue.

PT-2025-39658 · CVSS 6.9 · 2025-09-26
Flagforge · Flagforge · CVE-2025-59843
**Name of the Vulnerable Software and Affected Versions**
Flag Forge versions 2.0.0 through 2.3.0

**Description**
Flag Forge, a Capture The Flag (CTF) platform, has an issue where the public API endpoint `/api/user/[username]` returns user email addresses in its JSON response. This exposes sensitive user information. The issue is addressed in version 2.3.1, which removes email addresses from public API responses while maintaining the endpoint's public accessibility. The vulnerable parameter is `username`.

**Recommendations**
Upgrade to Flag Forge version 2.3.1 or later.