MidnightBSD

Advisories for chaos-mesh

CVE-2024-36538

Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

Products Affected

Vendor Product Version
chaos-mesh chaos_mesh 2.6.3
chaos-mesh chaos-mesh 2.6.3
CVE-2025-59358

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
reefs@jfrog.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
chaos-mesh chaos_mesh *
CVE-2025-59359

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
reefs@jfrog.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
chaos-mesh chaos_mesh *
CVE-2025-59360

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
reefs@jfrog.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
chaos-mesh chaos_mesh *
CVE-2025-59361

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
reefs@jfrog.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
chaos-mesh chaos_mesh *