CVE-2024-11716 (GCVE-0-2024-11716)

Vulnerability from cvelistv5 – Published: 2025-01-02 16:07 – Updated: 2025-11-03 21:52
VLAI?
Summary
While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by pull request 2636 https://github.com/CTFd/CTFd/pull/2636  included in 3.7.5 release.
Severity ?
5.3 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CWE
  • CWE-837 - Improper Enforcement of a Single, Unique Action
Assigner
References
Impacted products
Vendor Product Version
CTFd CTFd Affected: 3.7.0 , ≤ 3.7.4 (git)
Create a notification for this product.
Credits
Błażej Adamczyk (efigo.pl)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11716",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-02T17:34:30.679929Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-02T17:34:54.872Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://seclists.org/fulldisclosure/2024/Dec/21"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:52:05.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Dec/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CTFd",
          "repo": "https://github.com/CTFd/CTFd",
          "vendor": "CTFd",
          "versions": [
            {
              "lessThanOrEqual": "3.7.4",
              "status": "affected",
              "version": "3.7.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "B\u0142a\u017cej Adamczyk (efigo.pl)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "While assignment of a user to a team (bracket) in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCTFd \u003c/span\u003e should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it\u0027s bracket and then pick a new one, joining another team while a competition is already ongoing.\u003cbr\u003eThis issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/CTFd/CTFd/pull/2636\"\u003epull request 2636\u003c/a\u003e\u0026nbsp;included in 3.7.5 release."
            }
          ],
          "value": "While assignment of a user to a team (bracket) in\u00a0CTFd  should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it\u0027s bracket and then pick a new one, joining another team while a competition is already ongoing.\nThis issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by  pull request 2636 https://github.com/CTFd/CTFd/pull/2636 \u00a0included in 3.7.5 release."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "CWE-837 Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-02T16:07:46.868Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/CTFd/CTFd/pull/2636"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2025/01/CVE-2024-11716"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://ctfd.io/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://blog.ctfd.io/ctfd-3-7-5/"
        },
        {
          "tags": [
            "mailing-list",
            "exploit"
          ],
          "url": "https://seclists.org/fulldisclosure/2024/Dec/21"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2024-11716",
    "datePublished": "2025-01-02T16:07:46.868Z",
    "dateReserved": "2024-11-25T17:36:38.975Z",
    "dateUpdated": "2025-11-03T21:52:05.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"While assignment of a user to a team (bracket) in\\u00a0CTFd  should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it\u0027s bracket and then pick a new one, joining another team while a competition is already ongoing.\\nThis issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by  pull request 2636 https://github.com/CTFd/CTFd/pull/2636 \\u00a0included in 3.7.5 release.\"}, {\"lang\": \"es\", \"value\": \"Si bien la asignaci\\u00f3n de un usuario a un equipo (grupo) en CTFd deber\\u00eda ser posible solo una vez, en el momento del registro, una falla en la implementaci\\u00f3n de la l\\u00f3gica permite que un usuario autenticado restablezca su grupo y luego elija uno nuevo, uni\\u00e9ndose a otro equipo mientras una competencia ya est\\u00e1 en curso. Este problema afecta las versiones desde la 3.7.0 hasta la 3.7.4 y se solucion\\u00f3 mediante la solicitud de incorporaci\\u00f3n de cambios 2636 https://github.com/CTFd/CTFd/pull/2636 incluida en la versi\\u00f3n 3.7.5.\"}]",
      "id": "CVE-2024-11716",
      "lastModified": "2025-01-02T18:15:15.367",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"cvd@cert.pl\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"NONE\", \"vulnerableSystemIntegrity\": \"LOW\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}]}",
      "published": "2025-01-02T17:15:07.090",
      "references": "[{\"url\": \"https://blog.ctfd.io/ctfd-3-7-5/\", \"source\": \"cvd@cert.pl\"}, {\"url\": \"https://cert.pl/en/posts/2025/01/CVE-2024-11716\", \"source\": \"cvd@cert.pl\"}, {\"url\": \"https://ctfd.io/\", \"source\": \"cvd@cert.pl\"}, {\"url\": \"https://github.com/CTFd/CTFd/pull/2636\", \"source\": \"cvd@cert.pl\"}, {\"url\": \"https://seclists.org/fulldisclosure/2024/Dec/21\", \"source\": \"cvd@cert.pl\"}, {\"url\": \"https://seclists.org/fulldisclosure/2024/Dec/21\", \"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]",
      "sourceIdentifier": "cvd@cert.pl",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"cvd@cert.pl\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-837\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-11716\",\"sourceIdentifier\":\"cvd@cert.pl\",\"published\":\"2025-01-02T17:15:07.090\",\"lastModified\":\"2025-11-03T22:16:38.667\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"While assignment of a user to a team (bracket) in\u00a0CTFd  should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it\u0027s bracket and then pick a new one, joining another team while a competition is already ongoing.\\nThis issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by  pull request 2636 https://github.com/CTFd/CTFd/pull/2636 \u00a0included in 3.7.5 release.\"},{\"lang\":\"es\",\"value\":\"Si bien la asignaci\u00f3n de un usuario a un equipo (grupo) en CTFd deber\u00eda ser posible solo una vez, en el momento del registro, una falla en la implementaci\u00f3n de la l\u00f3gica permite que un usuario autenticado restablezca su grupo y luego elija uno nuevo, uni\u00e9ndose a otro equipo mientras una competencia ya est\u00e1 en curso. Este problema afecta las versiones desde la 3.7.0 hasta la 3.7.4 y se solucion\u00f3 mediante la solicitud de incorporaci\u00f3n de cambios 2636 https://github.com/CTFd/CTFd/pull/2636 incluida en la versi\u00f3n 3.7.5.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cvd@cert.pl\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"cvd@cert.pl\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-837\"}]}],\"references\":[{\"url\":\"https://blog.ctfd.io/ctfd-3-7-5/\",\"source\":\"cvd@cert.pl\"},{\"url\":\"https://cert.pl/en/posts/2025/01/CVE-2024-11716\",\"source\":\"cvd@cert.pl\"},{\"url\":\"https://ctfd.io/\",\"source\":\"cvd@cert.pl\"},{\"url\":\"https://github.com/CTFd/CTFd/pull/2636\",\"source\":\"cvd@cert.pl\"},{\"url\":\"https://seclists.org/fulldisclosure/2024/Dec/21\",\"source\":\"cvd@cert.pl\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Dec/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/fulldisclosure/2024/Dec/21\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://seclists.org/fulldisclosure/2024/Dec/21\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:52:05.067Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-11716\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-02T17:34:30.679929Z\"}}}], \"references\": [{\"url\": \"https://seclists.org/fulldisclosure/2024/Dec/21\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-02T17:34:44.734Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"B\\u0142a\\u017cej Adamczyk (efigo.pl)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/CTFd/CTFd\", \"vendor\": \"CTFd\", \"product\": \"CTFd\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.7.0\", \"versionType\": \"git\", \"lessThanOrEqual\": \"3.7.4\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/CTFd/CTFd/pull/2636\", \"tags\": [\"patch\"]}, {\"url\": \"https://cert.pl/en/posts/2025/01/CVE-2024-11716\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://ctfd.io/\", \"tags\": [\"product\"]}, {\"url\": \"https://blog.ctfd.io/ctfd-3-7-5/\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://seclists.org/fulldisclosure/2024/Dec/21\", \"tags\": [\"mailing-list\", \"exploit\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"While assignment of a user to a team (bracket) in\\u00a0CTFd  should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it\u0027s bracket and then pick a new one, joining another team while a competition is already ongoing.\\nThis issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by  pull request 2636 https://github.com/CTFd/CTFd/pull/2636 \\u00a0included in 3.7.5 release.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"While assignment of a user to a team (bracket) in\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eCTFd \u003c/span\u003e should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it\u0027s bracket and then pick a new one, joining another team while a competition is already ongoing.\u003cbr\u003eThis issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/CTFd/CTFd/pull/2636\\\"\u003epull request 2636\u003c/a\u003e\u0026nbsp;included in 3.7.5 release.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-837\", \"description\": \"CWE-837 Improper Enforcement of a Single, Unique Action\"}]}], \"providerMetadata\": {\"orgId\": \"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6\", \"shortName\": \"CERT-PL\", \"dateUpdated\": \"2025-01-02T16:07:46.868Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-11716\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:52:05.067Z\", \"dateReserved\": \"2024-11-25T17:36:38.975Z\", \"assignerOrgId\": \"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6\", \"datePublished\": \"2025-01-02T16:07:46.868Z\", \"assignerShortName\": \"CERT-PL\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.