Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

GZ::CTF

0.20.1

Source

security-advisories@github.com

CVE-2024-34699 details

Published : May 14, 2024, 3:39 p.m.
Last Modified : May 14, 2024, 4:12 p.m.

Description

GZ::CTF is a capture the flag platform. Prior to 0.20.1, unprivileged user can perform cross-site scripting attacks on other users by constructing malicious team names. This problem has been fixed in `v0.20.1`.

CVSS Score

1	2	3	4	5	6.5	7	8	9	10

Weakness

Weakness	Name	Description

CVSS Data

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

6.5

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

URL	Source
https://github.com/GZTimeWalker/GZCTF/commit/31e775b65cddf82a567d68dcdc78c1739b746346	security-advisories@github.com
https://github.com/GZTimeWalker/GZCTF/security/advisories/GHSA-p6rq-5x3x-rmhh	security-advisories@github.com

This website uses the NVD API, but is not approved or certified by it.

CVE-2024-34699

Products

Source

Tags

CVE-2024-34699 details

Description

CVSS Score

Weakness

CVSS Data

Attack Vector

Attack Complexity

Privileges Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Exploitability Score

Impact Score

Base Severity

References