CVE-2022-31055
on github
Published
Severity
CVSS v3:
7.5 HIGH
CVSS v2:
5 MEDIUM
Description
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:google:kctf:*:*:*:*:*:*:*:* | n/a | 1.6.0 | * |