Ctfer-io

Chall-manager

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.05%
  • Veröffentlicht 20.03.2026 05:30:07
  • Zuletzt bearbeitet 08.04.2026 20:49:11

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This break...

  • EPSS 0.16%
  • Veröffentlicht 10.07.2025 19:39:57
  • Zuletzt bearbeitet 14.08.2025 20:41:40

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not ...

  • EPSS 0.14%
  • Veröffentlicht 10.07.2025 19:38:19
  • Zuletzt bearbeitet 14.08.2025 20:44:46

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation do...

  • EPSS 0.06%
  • Veröffentlicht 10.07.2025 19:36:47
  • Zuletzt bearbeitet 14.08.2025 20:49:48

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require a...