Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-11716
PUBLISHED
More InfoOfficial Page
Assigner-CERT-PL
Assigner Org ID-4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
View Known Exploited Vulnerability (KEV) details
Published At-02 Jan, 2025 | 16:07
Updated At-03 Nov, 2025 | 21:52
Rejected At-
▼CVE Numbering Authority (CNA)

While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by pull request 2636 https://github.com/CTFd/CTFd/pull/2636  included in 3.7.5 release.

Affected Products
Vendor
CTFd
Product
CTFd
Repo
https://github.com/CTFd/CTFd
Default Status
unaffected
Versions
Affected
  • From 3.7.0 through 3.7.4 (git)
Problem Types
TypeCWE IDDescription
CWECWE-837CWE-837 Improper Enforcement of a Single, Unique Action
Type: CWE
CWE ID: CWE-837
Description: CWE-837 Improper Enforcement of a Single, Unique Action
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Błażej Adamczyk (efigo.pl)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/CTFd/CTFd/pull/2636
patch
https://cert.pl/en/posts/2025/01/CVE-2024-11716
third-party-advisory
https://ctfd.io/
product
https://blog.ctfd.io/ctfd-3-7-5/
vendor-advisory
https://seclists.org/fulldisclosure/2024/Dec/21
mailing-list
exploit
Hyperlink: https://github.com/CTFd/CTFd/pull/2636
Resource:
patch
Hyperlink: https://cert.pl/en/posts/2025/01/CVE-2024-11716
Resource:
third-party-advisory
Hyperlink: https://ctfd.io/
Resource:
product
Hyperlink: https://blog.ctfd.io/ctfd-3-7-5/
Resource:
vendor-advisory
Hyperlink: https://seclists.org/fulldisclosure/2024/Dec/21
Resource:
mailing-list
exploit
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://seclists.org/fulldisclosure/2024/Dec/21
exploit
Hyperlink: https://seclists.org/fulldisclosure/2024/Dec/21
Resource:
exploit
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://seclists.org/fulldisclosure/2024/Dec/21
N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Dec/21
Resource: N/A
Details not found