Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fullchain's Invalid NetworkPolicy enables a malicious actor to pivot into another namespace
Vulnerability Description
Fullchain is an umbrella project for deploying a ready-to-use CTF platform. In versions prior to 0.1.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a subverted application to any Pod out of the origin namespace. The flawed inter-ns NetworkPolicy breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This issue has been fixed in version 0.1.1. To workaround, delete the failing network policy that should be prefixed by inter-ns- in the target namespace.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Fullchain 访问控制错误漏洞
Vulnerability Description
Fullchain是CTFer.io开源的一个CTF竞赛平台。 Fullchain 0.1.1之前版本存在访问控制错误漏洞,该漏洞源于网络策略配置错误,可能导致横向移动。
CVSS Information
N/A
Vulnerability Type
N/A