PT-2024-17206 · Ctfd · Ctfd

Blazej Adamczyk +2 · Published 2024-12-31 · Updated 2025-01-03 · CVE-2024-11716

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

CTFd versions 3.7.0 through 3.7.4

Description

A logic flaw in CTFd allows an authenticated user to reset their team assignment and join another team while a competition is ongoing. This issue impacts releases from 3.7.0 up to 3.7.4. The problem was addressed in the 3.7.5 release.

Recommendations

For versions 3.7.0 through 3.7.4, update to version 3.7.5 to resolve the issue. As a temporary workaround, consider restricting team changes during ongoing competitions until the update to version 3.7.5 is applied.

Related Identifiers

CVE-2024-11716

Affected Products

Ctfd