admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-11716.md

18 lines
979 B
Markdown
Raw Permalink Normal View History

Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
### [CVE-2024-11716](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11716)
![](https://img.shields.io/static/v1?label=Product&message=CTFd&color=blue)
Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
![](https://img.shields.io/static/v1?label=Version&message=3.7.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-837%20Improper%20Enforcement%20of%20a%20Single%2C%20Unique%20Action&color=brightgreen)
Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
### Description
While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing.This issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by pull request 2636 https://github.com/CTFd/CTFd/pull/2636  included in 3.7.5 release.
### POC
#### Reference
- https://seclists.org/fulldisclosure/2024/Dec/21
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink