Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Access Control in kctf
Vulnerability Description
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Google kCTF 安全漏洞
Vulnerability Description
Google kCTF是美国谷歌(Google)公司的一个基于 Kubernetes 的 CTF 竞赛基础设施。 Google kCTF v1.6.0 之前版本存在安全漏洞,该漏洞源于kctf 集群存在安全问题,攻击者利用该漏洞可以破坏kctf 的ip源范围设置。
CVSS Information
N/A
Vulnerability Type
N/A