Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
Vulnerability Description
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of sdk/kubernetes.Kompose it does not isolate the instances. This issue has been fixed in version 0.6.5.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Chall-Manager 访问控制错误漏洞
Vulnerability Description
Chall-Manager是CTFer.io开源的一个开源项目。 Chall-Manager 0.6.5之前版本存在访问控制错误漏洞,该漏洞源于网络策略配置错误,可能导致横向移动。
CVSS Information
N/A
Vulnerability Type
N/A