CNNVD-202508-856 Information

CNNVD ID

CNNVD-202508-856

Related CVE

CVE-2025-8795

• CNNVD Published: 2025-08-10

Description (Chinese)

LitmusChaos是Litmus Chaos开源的一个以云原生方式实践混沌工程的程序。 LitmusChaos 3.19.0及之前版本存在安全漏洞，该漏洞源于文件/auth/login中参数projectID的访问控制不当，可能导致远程攻击。

Description (English)

Litmus Chaos is a cloud-based process for the operation of chaos works in the open source of Litmus Chaos. There is a security loophole in Litmus Chaos 3.19.0 and previous versions, which stems from inadequate access control of the parameter projectID in document/auth/login, which could lead to a long-range attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Litmus Chaos

Published

2025-08-10

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.319323 https://github.com/MaiqueSilva/VulnDB/blob/main/readme05.md https://vuldb.com/?submit.625984 https://vuldb.com/?id.319323 https://access.redhat.com/security/cve/cve-2025-8795 https://nvd.nist.gov/vuln/detail/CVE-2025-8795