Description
Chaos Controller Manager is vulnerable to OS command injection
The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.
References
Packages
Name: github.com/chaos-mesh/chaos-mesh (go)
Affected versions: < 2.7.3
Fixed version: 2.7.3
Related vulnerabilities
CVSS3: 9.8
nvd
5 months ago