9 matches found
Improper Authentication Exposure
github.com/chaos-mesh/chaos-mesh is vulnerable to improper authentication exposure. The vulnerability is due to the Chaos Controller Manager exposing an unauthenticated GraphQL debugging server to the entire Kubernetes cluster, which allows an attacker to kill arbitrary processes in any pod...
EUVD-2025-29175
Malicious code in bioql PyPI...
Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...
CVE-2025-59358
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...
CVE-2025-59358
The CVE-2025-59358 entry is linked to Chaos Mesh: the Chaos Controller Manager exposes a GraphQL debugging server without authentication, reachable across the Kubernetes cluster. This misconfiguration permits an attacker to access an API capable of killing arbitrary processes in any pod, leading ...
CVE-2025-59358 Denial of Service via Unauthorized Access to Chaos Mesh debugging server
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...
PT-2025-37473
Name of the Vulnerable Software and Affected Versions Chaos Mesh versions prior to 2.7.3 Description The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster. This server provides an API that allows attackers to kill...
SUSE CVE-2019-14891
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management conmon processes being killed if a workload process triggers an out-of-memory OOM condition for the cgroup. An attacker could abuse this flaw to get...
cri-o: infra container reparented to systemd following OOM Killer killing it's conmon
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management conmon processes being killed if a workload process triggers an out-of-memory OOM condition for the cgroup. An attacker could abuse this flaw to get...