CTFd 3.7.6 has been released with a security configuration improvement. The TRUSTED_HOSTS config setting has been added to config.ini to restrict CTFd to trusted hostnames. This can help prevent attacks against CTFd when CTFd has been deployed without a reverse proxy (e.g. nginx) or if…
CTFd 3.7.4 has been released with a security fix for a vulnerability where an attacker could perform a Denial of Service against a CTFd instance. CTFd v2.2.0 to v3.7.3 are affected. We recommend all CTFd users update their instance to v3.7.4. If…
CTFd v3.3.1 is available now with a security fix for an issue where users could join a team without knowing the team password or having a team invite. The malicious user would not have gained any additional permissions on the team or within CTFd, however it is possible…