Description
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of sdk/kubernetes.Kompose it does not isolate the instances. This issue has been fixed in version 0.6.5.
Published: 2026-03-20
Score: 7.9 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized lateral movement across Kubernetes namespaces
Action: Patch Now
AI Analysis

Impact

A misconfigured NetworkPolicy in Chall‑Manager versions before 0.6.5 allows an attacker that can access an instance pod to reach any pod outside the originating namespace. This violation of security‑by‑default isolation can enable lateral movement, potentially granting access to sensitive data or services within the cluster. The vulnerability is an improper authorization weakness (CWE‑284).

Affected Systems

The vulnerability affects ctfer‑io Chall‑Manager, specifically all deployments running a version earlier than 0.6.5. Any instance of this platform subject to the default NetworkPolicy configuration is susceptible.

Risk and Exploitability

The CVSS score of 7.9 indicates high severity, yet the EPSS score of less than 1% suggests low current exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require presence within the same Kubernetes cluster and ability to run or interact with a Chall‑Manager instance; once achieved, the attacker can pivot to other pods due to the broken namespace isolation.

Generated by OpenCVE AI on April 8, 2026 at 23:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chall‑Manager to version 0.6.5 or later
  • Verify that the Kubernetes NetworkPolicy correctly isolates pods within each namespace
  • Validate cluster permissions to ensure only authorized workloads can access the Chall‑Manager service

Generated by OpenCVE AI on April 8, 2026 at 23:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-mw24-f3xh-j3qv Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
History

Wed, 08 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ctfer-io:chall-manager:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Fri, 20 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Ctfer-io
Ctfer-io chall-manager
Vendors & Products Ctfer-io
Ctfer-io chall-manager

Fri, 20 Mar 2026 05:45:00 +0000

Type Values Removed Values Added
Description Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of sdk/kubernetes.Kompose it does not isolate the instances. This issue has been fixed in version 0.6.5.
Title Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
Weaknesses CWE-284
References
Metrics cvssV4_0

{'score': 7.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H'}

Subscriptions

Ctfer-io Chall-manager
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-20T15:58:42.743Z

Reserved: 2026-03-13T18:53:03.534Z

Link: CVE-2026-32768

cve-icon Vulnrichment

Updated: 2026-03-20T15:58:37.611Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-20T06:16:09.937

Modified: 2026-04-08T20:49:11.647

Link: CVE-2026-32768

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:29:40Z

Weaknesses