Sroettger

**Name of the Vulnerable Software and Affected Versions** kCTF versions prior to 1.6.0 **Description** The kCTF cluster set-src-ip-ranges feature was broken, allowing traffic from any IP. This issue has been patched in version 1.6.0. As a workaround for private challenge testing, users can mark challenges as `public: false` and use `kctf chal debug port-forward` to connect. **Recommendations** For versions prior to 1.6.0, update to version 1.6.0 to resolve the issue. As a temporary workaround, consider marking challenges as `public: false` and using `kctf chal debug port-forward` to connect for private testing.