Flag Forge Capture The Flag Platform Arbitrary Challenge Creation Vulnerability

Vulnerability

A vulnerability exists in Flag Forge, a Capture The Flag (CTF) platform, in version 2.1.0. Non-admin users are able to create arbitrary challenges, which could lead to the introduction of malicious, incorrect, or misleading content. This issue has been addressed in version 2.2.0.

Impact

This vulnerability allows non-admin users to create challenges that could be harmful, inaccurate, or deceptive, potentially undermining the platform's integrity and trustworthiness among users.

Remediation

Users can update to Flag Forge version 2.2.0, where this vulnerability has been patched.

Added: Sep 23, 2025, 9:17 PM
Updated: Sep 23, 2025, 9:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.