VYPR

Chaos Mesh

by Chaos Mesh

CVEs (5)

  • CVE-2025-59361 - Sep 15, 2025
    risk 0.00 cvss epss 0.03

    The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

  • CVE-2025-59360 - Sep 15, 2025
    risk 0.00 cvss epss 0.03

    The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

  • CVE-2025-59359 - Sep 15, 2025
    risk 0.00 cvss epss 0.03

    The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

  • CVE-2025-59358 - Sep 15, 2025
    risk 0.00 cvss epss 0.01

    The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.

  • CVE-2024-36538 - Jul 24, 2024
    risk 0.00 cvss epss 0.01

    Insecure permissions in chaos-mesh v2.6.3 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.