Chaos Mesh

chaos_mesh

Vendor: Chaos Mesh • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-59361 1Chaos Mesh 1Chaos Mesh Oct 14, 2025 Sep 15, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across t...Show more The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.Show less
CVE-2025-59360 1Chaos Mesh 1Chaos Mesh Oct 14, 2025 Sep 15, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across t...Show more The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.Show less
CVE-2025-59359 1Chaos Mesh 1Chaos Mesh Oct 14, 2025 Sep 15, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the c...Show more The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.Show less
CVE-2025-59358 1Chaos Mesh 1Chaos Mesh Oct 14, 2025 Sep 15, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to c...Show more The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.Show less
CVE-2024-36538 1Chaos Mesh 1Chaos Mesh Oct 14, 2025 Jul 24, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.