CVE-2024-42988
Published Oct 9, 2024
Last updated a month ago
Overview
- Description
- Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
Social media
- Hype score
- Not currently trending