VYPR

Litmus

by Litmuschaos

Source repositories

CVEs (8)

  • CVE-2025-8797MedAug 10, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-8795MedAug 10, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads to improper access controls. It is possible to initiate the attack remotely.…

  • CVE-2025-8791MedAug 10, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in LitmusChaos Litmus up to 3.19.0. It has been rated as critical. This issue affects some unknown processing of the file /auth/list_projects. The manipulation of the argument role leads to improper authorization. The attack may be initiated remotely.…

  • CVE-2025-14261HigDec 8, 2025
    risk 0.39cvss 7.1epss 0.00

    The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack.

  • CVE-2025-8796MedAug 10, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing…

  • CVE-2025-8794MedAug 10, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. The manipulation of the argument projectID leads to authorization bypass. Local…

  • CVE-2025-8793MedAug 10, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to improper control of resource identifiers. The attack can be launched remotely.…

  • CVE-2025-8792MedAug 10, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability classified as problematic has been found in LitmusChaos Litmus up to 3.19.0. Affected is an unknown function. The manipulation leads to client-side enforcement of server-side security. It is possible to launch the attack remotely. The exploit has been disclosed…