← Back

Chaos Mesh

chaos-mesh

5 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Chaos Mesh
chaos_mesh
5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-59361
1Chaos Mesh
1Chaos Mesh
Oct 14, 2025
Sep 15, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across t...Show more
The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.Show less
CVE-2025-59360
1Chaos Mesh
1Chaos Mesh
Oct 14, 2025
Sep 15, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across t...Show more
The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.Show less
CVE-2025-59359
1Chaos Mesh
1Chaos Mesh
Oct 14, 2025
Sep 15, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the c...Show more
The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.Show less
CVE-2025-59358
1Chaos Mesh
1Chaos Mesh
Oct 14, 2025
Sep 15, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to c...Show more
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.Show less
CVE-2024-36538
1Chaos Mesh
1Chaos Mesh
Oct 14, 2025
Jul 24, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.