Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32768

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as...

7.9CVSS5.7AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.5 views

CVE-2026-32720

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/20 2:41 a.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to a misconfigured NetworkPolicy. An attacker can gain unauthorized access to resources in other namespaces by exploiting the flawed policy configuration, allowing lateral movement across the cluster. Workaroun...

9.8CVSS5.8AI score0.00501EPSS
Exploits1References2
OSV
OSV
added 2026/03/16 8:45 p.m.6 views

GHSA-MW24-F3XH-J3QV Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace

Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of...

7.9CVSS5.8AI score0.00284EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25861

Name of the Vulnerable Software and Affected Versions Fullchain versions prior to 0.1.1 Description Fullchain is a platform for deploying CTF Capture The Flag environments. A misconfigured NetworkPolicy allows a malicious actor to move laterally from a compromised application to any Pod in a...

7.1CVSS5.9AI score0.00501EPSS
Exploits1References10
CVE
CVE
added 2026/03/13 9:27 p.m.26 views

CVE-2026-32720

The CVE affects the github.com/ctfer-io/monitoring component. Root cause: a mis-written NetworkPolicy allowed a malicious actor to pivot from one component to another namespace, breaking security-by-default and enabling lateral movement. The vulnerability exists prior to version 0.2.1 and is addr...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/13 8:58 p.m.7 views

github.com/ctfer-io/monitoring Vulnerable to Improper Access Control

Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. Patch Removing the inter-ns NetworkPolicy patches the...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/13 8:58 p.m.4 views

GHSA-7X23-J8GV-V54X github.com/ctfer-io/monitoring Vulnerable to Improper Access Control

Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. Patch Removing the inter-ns NetworkPolicy patches the...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References6
Rows per page
Query Builder