{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T09:47:00.681","vulnerabilities":[{"cve":{"id":"CVE-2024-42988","sourceIdentifier":"cve@mitre.org","published":"2024-10-09T17:15:16.337","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+."},{"lang":"es","value":"La falta de control de acceso en ChallengeSolves (/api/v1/challenges//solves) de CTFd v2.0.0 - v3.7.2 permite que los usuarios autenticados recuperen una lista de usuarios que han resuelto el desafío, independientemente de la configuración de Visibilidad de la cuenta. El problema se solucionó en la versión v3.7.3+."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://blog.ctfd.io/ctfd-3-7-3/","source":"cve@mitre.org"},{"url":"https://github.com/CTFd/CTFd/pull/2570","source":"cve@mitre.org"},{"url":"https://github.com/CTFd/CTFd/releases/tag/3.7.3","source":"cve@mitre.org"}]}}]}