Filtered by vendor Chaos-mesh
Subscriptions
Filtered by product Chaos-mesh
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59358 | 1 Chaos-mesh | 1 Chaos-mesh | 2025-09-17 | 7.5 High |
| The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service. | ||||
| CVE-2025-59359 | 1 Chaos-mesh | 1 Chaos-mesh | 2025-09-17 | 9.8 Critical |
| The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster. | ||||
| CVE-2025-59360 | 1 Chaos-mesh | 1 Chaos-mesh | 2025-09-17 | 9.8 Critical |
| The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster. | ||||
| CVE-2025-59361 | 1 Chaos-mesh | 1 Chaos-mesh | 2025-09-17 | 9.8 Critical |
| The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster. | ||||
| CVE-2024-36538 | 1 Chaos-mesh | 1 Chaos-mesh | 2025-06-27 | 8.8 High |
| Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | ||||
Page 1 of 1.