Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement.
In the specific case of sdk/kubernetes.Kompose it does not isolate the instances. This issue has been fixed in version 0.6.5.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
None
No disruption
CVSS Vector v4.0
Weakness Type (CWE)
References 3
https://github.com/ctfer-io/chall-manager/commit/dc5ef27dfed2befef7f506ab8ca14d…
security-advisories@github.com
https://github.com/ctfer-io/chall-manager/releases/tag/v0.6.5
security-advisories@github.com
https://github.com/ctfer-io/chall-manager/security/advisories/GHSA-mw24-f3xh-j3…
security-advisories@github.com