Vulnerabilities > CVE-2022-31055 - Unspecified vulnerability in Google Kctf

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

google

NVD

Published: 2022-06-13

Updated: 2023-07-21

Summary

kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect.

Vulnerable Configurations

Part	Description	Count
Application	Google Google Kctf - Google Kctf 1.0.0 Google Kctf 1.0.1 Google Kctf 1.0.2 Google Kctf 1.0.3 Google Kctf 1.0.4 Google Kctf 1.0.5 Google Kctf 1.0.6 Google Kctf 1.0.7 Google Kctf 1.0.8 Google Kctf 1.1.0 Google Kctf 1.2.0 Google Kctf 1.2.1 Google Kctf 1.3.0 Google Kctf 1.3.1 Google Kctf 1.3.2 Google Kctf 1.3.3 Google Kctf 1.3.4 Google Kctf 1.4.0 Google Kctf 1.5.0 Google Kctf 1.5.1 Google Kctf 1.5.2	22

Summary

Vulnerable Configurations

References