Flag Forge is a Capture The Flag (CTF) platform. From version 2.0.0 up to, but not including, 2.3.1, the /api/resources endpoint allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.
References
Link | Resource |
---|---|
https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-v8rh-25rf-gfqw | Vendor Advisory |
History
08 Oct 2025, 16:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-v8rh-25rf-gfqw - Vendor Advisory | |
First Time | Flagforge; Flagforge flagforge | |
CPE | cpe:2.3:a:flagforge:flagforge:*:*:*:*:*:*:*:* |
27 Sep 2025, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-09-27 01:15
Updated : 2025-10-08 16:56
NVD link : CVE-2025-59932
Mitre link : CVE-2025-59932
CVE.ORG link : CVE-2025-59932
Products Affected
flagforge
- flagforge
CWE
CWE-284
Improper Access Control