VYPR

Chall Manager

by Ctfer Io

Source repositories

CVEs (4)

  • CVE-2026-32768CriMar 20, 2026
    risk 0.57cvss 9.9epss 0.00

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default…

  • CVE-2025-53634Jul 10, 2025
    risk 0.00cvss epss 0.00

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor…

  • CVE-2025-53633Jul 10, 2025
    risk 0.00cvss epss 0.00

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication…

  • CVE-2025-53632Jul 10, 2025
    risk 0.00cvss epss 0.01

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor…