Common Weakness Enumeration

CWE-837

Allowed

Improper Enforcement of a Single, Unique Action

Abstraction: Base · Status: Incomplete

The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction.

32 vulnerabilities reference this CWE, most recent first.

CVE-2026-44601 (GCVE-0-2026-44601)

Vulnerability from cvelistv5 – Published: 2026-05-07 03:09 – Updated: 2026-05-07 14:58
VLAI
Summary
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-837 - Improper Enforcement of a Single, Unique Action
Assigner
Impacted products
Vendor Product Version
torproject Tor Affected: 0 , < 0.4.9.7 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44601",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T13:56:45.000287Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T14:58:24.830Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Tor",
          "vendor": "torproject",
          "versions": [
            {
              "lessThan": "0.4.9.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "0.4.9.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "CWE-837 Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T03:25:19.794Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://forum.torproject.org/c/news/tor-release-announcement/28"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/05/06/8"
        },
        {
          "url": "https://gitlab.torproject.org/tpo/core/tor/-/work_items/41237"
        },
        {
          "url": "https://gitlab.torproject.org/tpo/core/tor/-/commit/d4e3f6a440b58c2be661decf20c09548704907dc"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-44601",
    "datePublished": "2026-05-07T03:09:51.106Z",
    "dateReserved": "2026-05-07T03:09:50.703Z",
    "dateUpdated": "2026-05-07T14:58:24.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42609 (GCVE-0-2026-42609)

Vulnerability from cvelistv5 – Published: 2026-05-11 15:03 – Updated: 2026-05-14 17:56
VLAI
Title
Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic
Summary
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already exists, the system updates the existing account's metadata and permissions instead of rejecting the request. This leads to a Denial of Service (DoS) on administrative functions and Privilege De-escalation of the root account. This vulnerability is fixed in 2.0.0-beta.2.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
  • CWE-285 - Improper Authorization
  • CWE-639 - Authorization Bypass Through User-Controlled Key
  • CWE-837 - Improper Enforcement of a Single, Unique Action
Assigner
Impacted products
Vendor Product Version
getgrav grav Affected: < 2.0.0-beta.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42609",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T17:56:12.800871Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T17:56:41.506Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/getgrav/grav/security/advisories/GHSA-rr73-568v-28f8"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grav",
          "vendor": "getgrav",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.0.0-beta.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already exists, the system updates the existing account\u0027s metadata and permissions instead of rejecting the request. This leads to a Denial of Service (DoS) on administrative functions and Privilege De-escalation of the root account. This vulnerability is fixed in 2.0.0-beta.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "CWE-837: Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T15:03:38.296Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/getgrav/grav/security/advisories/GHSA-rr73-568v-28f8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/getgrav/grav/security/advisories/GHSA-rr73-568v-28f8"
        },
        {
          "name": "https://github.com/getgrav/grav/commit/5a12f9be8314682c8713e569e330f11805d0a663",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/getgrav/grav/commit/5a12f9be8314682c8713e569e330f11805d0a663"
        },
        {
          "name": "https://github.com/getgrav/grav/commit/c66dfeb5ff679a1667678c6335eb9ff3255dfc47",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/getgrav/grav/commit/c66dfeb5ff679a1667678c6335eb9ff3255dfc47"
        },
        {
          "name": "https://github.com/getgrav/grav/commit/d904efc33e03ebb597afde8d3368b28cf0423632",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/getgrav/grav/commit/d904efc33e03ebb597afde8d3368b28cf0423632"
        }
      ],
      "source": {
        "advisory": "GHSA-rr73-568v-28f8",
        "discovery": "UNKNOWN"
      },
      "title": "Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42609",
    "datePublished": "2026-05-11T15:03:38.296Z",
    "dateReserved": "2026-04-29T00:31:15.725Z",
    "dateUpdated": "2026-05-14T17:56:41.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-62784 (GCVE-0-2025-62784)

Vulnerability from cvelistv5 – Published: 2025-10-27 20:59 – Updated: 2025-10-28 14:32
VLAI
Title
InventoryGui allows item duplication in GUIs which use GuiStorageElement
Summary
InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions before 1.6.5 contain a vulnerability where any plugin using a GUI with the GuiStorageElement and allows taking out items out of that element can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.5.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-837 - Improper Enforcement of a Single, Unique Action
Assigner
References
Impacted products
Vendor Product Version
Phoenix616 InventoryGui Affected: < 1.6.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62784",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-28T14:29:16.888344Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-28T14:32:11.543Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InventoryGui",
          "vendor": "Phoenix616",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions before 1.6.5 contain a vulnerability where any plugin using a GUI with the GuiStorageElement and allows taking out items out of that element can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.5."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "CWE-837: Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-27T20:59:22.085Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-7whh-79j3-7c55",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-7whh-79j3-7c55"
        },
        {
          "name": "https://github.com/Phoenix616/InventoryGui/commit/690fc91d137c6cc04f6ed3a89449050964dd8cb9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Phoenix616/InventoryGui/commit/690fc91d137c6cc04f6ed3a89449050964dd8cb9"
        }
      ],
      "source": {
        "advisory": "GHSA-7whh-79j3-7c55",
        "discovery": "UNKNOWN"
      },
      "title": "InventoryGui allows item duplication in GUIs which use GuiStorageElement"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-62784",
    "datePublished": "2025-10-27T20:59:22.085Z",
    "dateReserved": "2025-10-22T18:55:48.008Z",
    "dateUpdated": "2025-10-28T14:32:11.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-62783 (GCVE-0-2025-62783)

Vulnerability from cvelistv5 – Published: 2025-10-27 20:54 – Updated: 2025-10-28 14:32
VLAI
Title
InventoryGui affected by item duplication in GUIs which use GuiStorageElement
Summary
InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.1-SNAPSHOT and earlier contain a vulnerability where any plugin using the `GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.2-SNAPSHOT.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-837 - Improper Enforcement of a Single, Unique Action
Assigner
Impacted products
Vendor Product Version
Phoenix616 InventoryGui Affected: < 1.6.2-SNAPSHOT
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62783",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-28T14:31:23.528723Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-28T14:32:27.050Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InventoryGui",
          "vendor": "Phoenix616",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.2-SNAPSHOT"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.1-SNAPSHOT and earlier contain a vulnerability where any plugin using the `GuiStorageElement  can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.2-SNAPSHOT."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "CWE-837: Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-27T20:54:36.254Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-598q-jw82-5w66",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-598q-jw82-5w66"
        },
        {
          "name": "https://github.com/Phoenix616/InventoryGui/issues/48",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Phoenix616/InventoryGui/issues/48"
        },
        {
          "name": "https://github.com/Phoenix616/InventoryGui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Phoenix616/InventoryGui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029"
        }
      ],
      "source": {
        "advisory": "GHSA-598q-jw82-5w66",
        "discovery": "UNKNOWN"
      },
      "title": "InventoryGui affected by item duplication in GUIs which use GuiStorageElement"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-62783",
    "datePublished": "2025-10-27T20:54:36.254Z",
    "dateReserved": "2025-10-22T18:55:48.008Z",
    "dateUpdated": "2025-10-28T14:32:27.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-62782 (GCVE-0-2025-62782)

Vulnerability from cvelistv5 – Published: 2025-10-27 20:50 – Updated: 2025-10-28 14:33
VLAI
Title
InventoryGUI vulnerable to item duplication via Bundle items when using GuiStorageElement
Summary
InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.3-SNAPSHOT and earlier contain a vulnerability where GUIs using GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.4-SNAPSHOT.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-837 - Improper Enforcement of a Single, Unique Action
Assigner
Impacted products
Vendor Product Version
Phoenix616 InventoryGui Affected: < 1.6.4-SNAPSHOT
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62782",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-28T14:32:02.773622Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-28T14:33:18.973Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InventoryGui",
          "vendor": "Phoenix616",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.4-SNAPSHOT"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.3-SNAPSHOT and earlier contain a vulnerability where GUIs using GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.4-SNAPSHOT."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:L/SC:N/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "CWE-837: Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-27T20:50:07.579Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-rgvh-4m82-fvjq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-rgvh-4m82-fvjq"
        },
        {
          "name": "https://github.com/Phoenix616/InventoryGui/issues/51",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Phoenix616/InventoryGui/issues/51"
        },
        {
          "name": "https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494"
        }
      ],
      "source": {
        "advisory": "GHSA-rgvh-4m82-fvjq",
        "discovery": "UNKNOWN"
      },
      "title": "InventoryGUI vulnerable to item duplication via Bundle items when using GuiStorageElement"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-62782",
    "datePublished": "2025-10-27T20:50:07.579Z",
    "dateReserved": "2025-10-22T18:55:48.008Z",
    "dateUpdated": "2025-10-28T14:33:18.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-58135 (GCVE-0-2025-58135)

Vulnerability from cvelistv5 – Published: 2025-09-09 21:45 – Updated: 2025-09-10 19:33
VLAI
Title
Zoom Workplace Clients for Windows - Improper Action Enforcement
Summary
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-837 - Improper Enforcement of a Single, Unique Action
Assigner
Impacted products
Date Public
2025-09-09 12:01
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58135",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-10T19:32:54.091406Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-10T19:33:42.439Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Zoom Workplace Clients for Windows",
          "vendor": "Zoom Communications, Inc",
          "versions": [
            {
              "lessThan": "see references",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-09-09T12:01:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: transparent;\"\u003e\n\n\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003e\n\n\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eImproper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.\u003c/span\u003e\u003c/b\u003e\n\n\u003c/span\u003e\u003c/b\u003e\n\n\u003cbr\u003e\u003c/span\u003e"
            }
          ],
          "value": "Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "CWE-837: Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T21:45:52.362Z",
        "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "shortName": "Zoom"
      },
      "references": [
        {
          "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25036"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Zoom Workplace Clients for Windows - Improper Action Enforcement",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
    "assignerShortName": "Zoom",
    "cveId": "CVE-2025-58135",
    "datePublished": "2025-09-09T21:45:52.362Z",
    "dateReserved": "2025-08-25T21:15:02.863Z",
    "dateUpdated": "2025-09-10T19:33:42.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54315 (GCVE-0-2025-54315)

Vulnerability from cvelistv5 – Published: 2025-10-02 00:00 – Updated: 2025-10-02 19:33
VLAI
Summary
The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-837 - Improper Enforcement of a Single, Unique Action
Assigner
Impacted products
Vendor Product Version
Matrix Matrix specification Affected: 0 , < 1.16 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54315",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T19:32:58.816075Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T19:33:55.972Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Matrix specification",
          "vendor": "Matrix",
          "versions": [
            {
              "lessThan": "1.16",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "CWE-837 Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T18:33:02.491Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/matrix-org/matrix-spec/releases/tag/v1.16"
        },
        {
          "url": "https://matrix.org/blog/2025/08/project-hydra-improving-state-res/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-54315",
    "datePublished": "2025-10-02T00:00:00.000Z",
    "dateReserved": "2025-07-20T00:00:00.000Z",
    "dateUpdated": "2025-10-02T19:33:55.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12123 (GCVE-0-2024-12123)

Vulnerability from cvelistv5 – Published: 2024-12-04 03:26 – Updated: 2024-12-04 14:09
VLAI
Title
Unauthorized Modification of Ticket Requester
Summary
A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user.  When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy.  The ticket requester can be changed from the original requester to another user in the same application, which the application then accepts.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-472 - External Control of Assumed-Immutable Web Parameter
  • CWE-837 - Improper Enforcement of a Single, Unique Action
Assigner
Impacted products
Vendor Product Version
Issuetrak Issuetrak Affected: Issuetrak 17.1
Create a notification for this product.
Date Public
2024-12-03 08:00
Credits
Harrison Daley
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12123",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T14:05:29.170205Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T14:09:11.911Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Issuetrak",
          "vendor": "Issuetrak",
          "versions": [
            {
              "status": "affected",
              "version": "Issuetrak 17.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Harrison Daley"
        }
      ],
      "datePublic": "2024-12-03T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eA hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user.\u0026nbsp;\n\nWhen an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy.\u0026nbsp; The ticket requester can be changed from the original requester to another user in the same application, \nwhich the application then accepts.\n\n\u003c/span\u003e"
            }
          ],
          "value": "A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user.\u00a0\n\nWhen an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy.\u00a0 The ticket requester can be changed from the original requester to another user in the same application, \nwhich the application then accepts."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-162",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-162 Manipulating Hidden Fields"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-472",
              "description": "CWE-472: External Control of Assumed-Immutable Web Parameter",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "CWE-837 Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-04T03:26:00.918Z",
        "orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
        "shortName": "Gridware"
      },
      "references": [
        {
          "url": "https://helpcenter.issuetrak.com/home/2340-issuetrak-release-notes"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Ensure the Issuetrak application is updated to version 17.2 or later."
            }
          ],
          "value": "Ensure the Issuetrak application is updated to version 17.2 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthorized Modification of Ticket Requester",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
    "assignerShortName": "Gridware",
    "cveId": "CVE-2024-12123",
    "datePublished": "2024-12-04T03:26:00.918Z",
    "dateReserved": "2024-12-03T23:13:54.977Z",
    "dateUpdated": "2024-12-04T14:09:11.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11717 (GCVE-0-2024-11717)

Vulnerability from cvelistv5 – Published: 2025-01-02 16:08 – Updated: 2025-11-03 21:52
VLAI
Summary
Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user's password and take over the account. Moreover, the tokens also include base64 encoded user email. This issue impacts releases up to 3.7.4 and was addressed by pull request 2679 https://github.com/CTFd/CTFd/pull/2679  included in 3.7.5 release.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-837 - Improper Enforcement of a Single, Unique Action
  • CWE-1391 - Use of Weak Credentials
Assigner
Impacted products
Vendor Product Version
CTFd CTFd Affected: 0 , ≤ 3.7.4 (git)
Create a notification for this product.
Credits
Błażej Adamczyk (efigo.pl)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11717",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-02T17:32:55.312090Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-02T17:33:59.325Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://seclists.org/fulldisclosure/2024/Dec/21"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:52:06.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Dec/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CTFd",
          "repo": "https://github.com/CTFd/CTFd",
          "vendor": "CTFd",
          "versions": [
            {
              "lessThanOrEqual": "3.7.4",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "B\u0142a\u017cej Adamczyk (efigo.pl)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eTokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user\u0027s password and take over the account.\u0026nbsp;Moreover, the tokens also include base64 encoded user email.\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eThis issue impacts releases up to 3.7.4 and was addressed by \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/CTFd/CTFd/pull/2679\"\u003epull request 2679\u003c/a\u003e\u0026nbsp;included in 3.7.5 release.\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user\u0027s password and take over the account.\u00a0Moreover, the tokens also include base64 encoded user email.\n\nThis issue impacts releases up to 3.7.4 and was addressed by  pull request 2679 https://github.com/CTFd/CTFd/pull/2679 \u00a0included in 3.7.5 release."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "CWE-837 Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1391",
              "description": "CWE-1391 Use of Weak Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-02T16:08:20.242Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2025/01/CVE-2024-11716"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://ctfd.io/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/CTFd/CTFd/pull/2679"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://blog.ctfd.io/ctfd-3-7-5/"
        },
        {
          "tags": [
            "mailing-list",
            "exploit"
          ],
          "url": "https://seclists.org/fulldisclosure/2024/Dec/21"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2024-11717",
    "datePublished": "2025-01-02T16:08:20.242Z",
    "dateReserved": "2024-11-25T17:36:39.487Z",
    "dateUpdated": "2025-11-03T21:52:06.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11716 (GCVE-0-2024-11716)

Vulnerability from cvelistv5 – Published: 2025-01-02 16:07 – Updated: 2025-11-03 21:52
VLAI
Summary
While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by pull request 2636 https://github.com/CTFd/CTFd/pull/2636  included in 3.7.5 release.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-837 - Improper Enforcement of a Single, Unique Action
Assigner
Impacted products
Vendor Product Version
CTFd CTFd Affected: 3.7.0 , ≤ 3.7.4 (git)
Create a notification for this product.
Credits
Błażej Adamczyk (efigo.pl)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11716",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-02T17:34:30.679929Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-02T17:34:54.872Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://seclists.org/fulldisclosure/2024/Dec/21"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:52:05.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Dec/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CTFd",
          "repo": "https://github.com/CTFd/CTFd",
          "vendor": "CTFd",
          "versions": [
            {
              "lessThanOrEqual": "3.7.4",
              "status": "affected",
              "version": "3.7.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "B\u0142a\u017cej Adamczyk (efigo.pl)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "While assignment of a user to a team (bracket) in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCTFd \u003c/span\u003e should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it\u0027s bracket and then pick a new one, joining another team while a competition is already ongoing.\u003cbr\u003eThis issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/CTFd/CTFd/pull/2636\"\u003epull request 2636\u003c/a\u003e\u0026nbsp;included in 3.7.5 release."
            }
          ],
          "value": "While assignment of a user to a team (bracket) in\u00a0CTFd  should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it\u0027s bracket and then pick a new one, joining another team while a competition is already ongoing.\nThis issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by  pull request 2636 https://github.com/CTFd/CTFd/pull/2636 \u00a0included in 3.7.5 release."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "CWE-837 Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-02T16:07:46.868Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/CTFd/CTFd/pull/2636"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2025/01/CVE-2024-11716"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://ctfd.io/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://blog.ctfd.io/ctfd-3-7-5/"
        },
        {
          "tags": [
            "mailing-list",
            "exploit"
          ],
          "url": "https://seclists.org/fulldisclosure/2024/Dec/21"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2024-11716",
    "datePublished": "2025-01-02T16:07:46.868Z",
    "dateReserved": "2024-11-25T17:36:38.975Z",
    "dateUpdated": "2025-11-03T21:52:05.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.