{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T23:08:00.006","vulnerabilities":[{"cve":{"id":"CVE-2024-11716","sourceIdentifier":"cvd@cert.pl","published":"2025-01-02T17:15:07.090","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"While assignment of a user to a team (bracket) in CTFd  should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing.\nThis issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by  pull request 2636 https://github.com/CTFd/CTFd/pull/2636  included in 3.7.5 release."},{"lang":"es","value":"Si bien la asignación de un usuario a un equipo (grupo) en CTFd debería ser posible solo una vez, en el momento del registro, una falla en la implementación de la lógica permite que un usuario autenticado restablezca su grupo y luego elija uno nuevo, uniéndose a otro equipo mientras una competencia ya está en curso. Este problema afecta las versiones desde la 3.7.0 hasta la 3.7.4 y se solucionó mediante la solicitud de incorporación de cambios 2636 https://github.com/CTFd/CTFd/pull/2636 incluida en la versión 3.7.5."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-837"}]}],"references":[{"url":"https://blog.ctfd.io/ctfd-3-7-5/","source":"cvd@cert.pl"},{"url":"https://cert.pl/en/posts/2025/01/CVE-2024-11716","source":"cvd@cert.pl"},{"url":"https://ctfd.io/","source":"cvd@cert.pl"},{"url":"https://github.com/CTFd/CTFd/pull/2636","source":"cvd@cert.pl"},{"url":"https://seclists.org/fulldisclosure/2024/Dec/21","source":"cvd@cert.pl"},{"url":"http://seclists.org/fulldisclosure/2024/Dec/21","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://seclists.org/fulldisclosure/2024/Dec/21","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}