CVE-2024-11717

{"id": "CVE-2024-11717", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-01-02T17:15:07.600", "references": [{"url": "https://blog.ctfd.io/ctfd-3-7-5/", "source": "cvd@cert.pl"}, {"url": "https://cert.pl/en/posts/2025/01/CVE-2024-11716", "source": "cvd@cert.pl"}, {"url": "https://ctfd.io/", "source": "cvd@cert.pl"}, {"url": "https://github.com/CTFd/CTFd/pull/2679", "source": "cvd@cert.pl"}, {"url": "https://seclists.org/fulldisclosure/2024/Dec/21", "source": "cvd@cert.pl"}, {"url": "http://seclists.org/fulldisclosure/2024/Dec/21", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/fulldisclosure/2024/Dec/21", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-837"}, {"lang": "en", "value": "CWE-1391"}]}], "descriptions": [{"lang": "en", "value": "Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user's password and take over the account.\u00a0Moreover, the tokens also include base64 encoded user email.\n\nThis issue impacts releases up to 3.7.4 and was addressed by pull request 2679 https://github.com/CTFd/CTFd/pull/2679 \u00a0included in 3.7.5 release."}, {"lang": "es", "value": "Los tokens en CTFd que se usan para activar cuentas y restablecer contrase\u00f1as se pueden usar indistintamente para estas operaciones. Cuando se usan, se env\u00edan al servidor como un par\u00e1metro GET y no son de un solo uso, lo que significa que, durante el tiempo de expiraci\u00f3n del token, un atacante en la ruta podr\u00eda reutilizar dicho token para cambiar la contrase\u00f1a del usuario y tomar el control de la cuenta. Adem\u00e1s, los tokens tambi\u00e9n incluyen el correo electr\u00f3nico del usuario codificado en base64. Este problema afecta a las versiones hasta la 3.7.4 y se solucion\u00f3 mediante la solicitud de incorporaci\u00f3n de cambios 2679 https://github.com/CTFd/CTFd/pull/2679 incluida en la versi\u00f3n 3.7.5."}], "lastModified": "2025-11-03T22:16:38.800", "sourceIdentifier": "cvd@cert.pl"}