The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go (lines 248–254) is vulnerable to Path Traversal due to a missing trailing path separator in the strings.HasPrefix check. The extractor allows arbitrary file writes (e.g., overwriting shell configs, SSH keys, kubeconfig, or crontabs), enabling RCE and persistent backdoors.
The attack surface is further amplified by the default ReadWriteMany PVC access mode, which lets any pod in the cluster inject a malicious payload. This issue has been fixed in version 0.2.2.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
None
No data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products 1
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Ctfer Monitoring
cpe:2.3:a:ctfer:monitoring:*:*:*:*:*:go:*:*
|
— |
0.2.2
|
References 3
https://github.com/ctfer-io/monitoring/commit/269dba165aa42210352628c0db6756f3b…
security-advisories@github.com
https://github.com/ctfer-io/monitoring/security/advisories/GHSA-f7cq-gvh6-qr25
security-advisories@github.com
https://security.snyk.io/research/zip-slip-vulnerability#expandable-socPI9fFAJ-…
security-advisories@github.com