Flag Forge Unauthenticated Resource Modification and Deletion Vulnerability

Vulnerability

A broken access control vulnerability has been identified in Flag Forge versions from 2.0.0 up to, but not including, 2.3.1. The issue resides in the /api/resources endpoint, which allowed POST and DELETE requests without proper authentication or authorization. This flaw could have enabled unauthorized users to create, modify, or delete resources on the platform, impacting the integrity of the data and the overall platform functionality.

Impact

Exploitation of this vulnerability could lead to unauthorized modification or deletion of resources, disrupting the integrity of the platform and its data.

Remediation

Users are advised to update Flag Forge to version 2.3.1 or later. The patched version requires authentication and validates user permissions before allowing POST or DELETE requests to modify resources.
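
The check the patched version is described as performing, sketched as an added example (not Flag Forge's own code): a handler for /api/resources that authenticates and then authorizes POST and DELETE before touching the store, shown beside the unchecked pre-fix shape. The bearer-token sessions, the "admin" role, the in-memory store, leaving GET public, and all function names are assumptions made for illustration.

```javascript
// Added example. Session tokens, the "admin" role and all names are assumptions.
const SESSIONS = new Map([            // constructed sample sessions
  ["tok-admin", { user: "alice", role: "admin" }],
  ["tok-user", { user: "bob", role: "player" }],
]);

// Resolve the caller's session from a Bearer token, or null if absent/unknown.
function getSession(req) {
  const m = /^Bearer (\S+)$/.exec(req.headers?.authorization ?? "");
  return m ? SESSIONS.get(m[1]) ?? null : null;
}

// Performs the requested operation on the store with no access checks.
function dispatch(store, req) {
  if (req.method === "GET") return { status: 200, body: [...store.values()] };
  if (req.method === "POST") {
    store.set(req.body.id, req.body);
    return { status: 201, body: req.body };
  }
  if (req.method === "DELETE") {
    return { status: store.delete(req.id) ? 204 : 404 };
  }
  return { status: 405 };
}

// Pre-fix shape described in the advisory: writes reach the store unchecked.
function handleUnpatched(store, req) {
  return dispatch(store, req);
}

// Post-fix shape: authenticate (401), then authorize (403), then act.
function handlePatched(store, req) {
  if (req.method === "POST" || req.method === "DELETE") {
    const session = getSession(req);
    if (!session) return { status: 401 };
    if (session.role !== "admin") return { status: 403 };
  } else if (req.method !== "GET") {
    return { status: 405 }; // deny methods the route does not define
  }
  return dispatch(store, req);
}

// Constructed sample data: one resource in an in-memory store.
function makeStore() {
  return new Map([["r1", { id: "r1", title: "constructed sample resource" }]]);
}
```

The same three outcomes (401 without a session, 403 without the required role, success only with both) make a useful regression test to run against a deployment after upgrading.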

Added: Sep 27, 2025, 1:19 AM
Updated: Sep 27, 2025, 1:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.