CVE-2024-11716 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticate…
Medium CVSS: 5.3

CVE-2024-11716

While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing.
This issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by pull request 2636 https://github.com/CTFd/CTFd/pull/2636  included in 3.7.5 release.
Vendor
-
Product
-
CWE
CWE-837
Yayın Tarihi
2025-01-02 17:15:07
Güncelleme
2025-11-03 22:16:38
Source Identifier
cvd@cert.pl
KEV Date Added
-

Kategoriler

CWE-837 MEDIUM 2025

Referanslar

https://blog.ctfd.io/ctfd-3-7-5/ https://cert.pl/en/posts/2025/01/CVE-2024-11716 https://ctfd.io/ https://github.com/CTFd/CTFd/pull/2636 https://seclists.org/fulldisclosure/2024/Dec/21 http://seclists.org/fulldisclosure/2024/Dec/21 https://seclists.org/fulldisclosure/2024/Dec/21