ctfer-io chall-manager
- < 0.6.5
A vulnerability in CTFER Chall-Manager versions prior to 0.6.5 allows malicious actors to pivot from one instance to any Pod in a different namespace. This issue arises from a misconfigured NetworkPolicy that fails to properly isolate instances, particularly in the 'sdk/kubernetes.Kompose' context. As a result, the expected security-by-default is compromised, potentially enabling lateral movement within the environment.
Exploitation of this vulnerability could lead to unauthorized access to Pods in other namespaces, allowing for lateral movement and potential manipulation of resources or data within those Pods.
The vulnerability can be reproduced by deploying CTFER Chall-Manager versions prior to 0.6.5 and creating a NetworkPolicy that does not properly isolate namespaces. This can be done by allowing traffic between Pods in different namespaces, which can be verified by attempting to access a Pod in another namespace from an instance that should be isolated.
To address this vulnerability, update CTFER Chall-Manager to version 0.6.5 or later. If an immediate update is not possible, manually delete the 'inter-ns' NetworkPolicy in the affected namespace and apply the update as soon as feasible.
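To check a cluster after applying the fix or the workaround, the following added example (not code from Chall-Manager or from this advisory) reads the output of `kubectl get networkpolicy -A -o json` and lists every NetworkPolicy rule whose peers reach beyond the policy's own namespace. The sample data, namespace names and function names are constructed for illustration; only the policy name 'inter-ns' comes from the advisory.

```python
import json

# Constructed sample in the shape of `kubectl get networkpolicy -A -o json`;
# namespaces and rules are invented for illustration, not taken from Chall-Manager.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "inter-ns", "namespace": "instance-a"},
   "spec": {"podSelector": {}, "policyTypes": ["Egress"],
            "egress": [{"to": [{"namespaceSelector": {}}]}]}},
  {"metadata": {"name": "same-ns-only", "namespace": "instance-a"},
   "spec": {"podSelector": {}, "policyTypes": ["Egress"],
            "egress": [{"to": [{"podSelector": {}}]}]}},
  {"metadata": {"name": "allow-all-egress", "namespace": "instance-b"},
   "spec": {"podSelector": {}, "policyTypes": ["Egress"], "egress": [{}]}}
]}
""")


def peer_reach(peer):
    """Classify how far one NetworkPolicy peer reaches."""
    if "namespaceSelector" in peer:
        # An empty selector ({}) matches every namespace in the cluster.
        return "all-namespaces" if not peer["namespaceSelector"] else "selected-namespaces"
    if "ipBlock" in peer:
        return "ip-block"  # may overlap the Pod CIDR; review by hand
    return "same-namespace"  # podSelector alone stays inside the policy's namespace


def cross_namespace_rules(policy_list):
    """Return (namespace, policy, direction, reach) for rules that leave the namespace."""
    findings = []
    for item in policy_list.get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        for direction, key in (("egress", "to"), ("ingress", "from")):
            for rule in spec.get(direction) or []:
                peers = rule.get(key) or []
                # A rule without peers allows every source or destination.
                reaches = {peer_reach(p) for p in peers} or {"any-peer"}
                for reach in sorted(reaches - {"same-namespace"}):
                    findings.append((meta["namespace"], meta["name"], direction, reach))
    return findings


if __name__ == "__main__":
    for ns, name, direction, reach in cross_namespace_rules(SAMPLE):
        marker = "  <- named in the advisory" if name == "inter-ns" else ""
        print(f"{ns}/{name}: {direction} reaches {reach}{marker}")
```

NetworkPolicies are additive, so a single rule reported here is enough to open the path even when other policies in the same namespace are restrictive.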