CNNVD-202509-2246 Information

CNNVD ID

CNNVD-202509-2246

Related CVE

CVE-2025-59358

• CNNVD Published: 2025-09-15

Description (Chinese)

Chaos Mesh是Chaos Mesh开源的一个开源的云原生工程平台。 Chaos Mesh存在访问控制错误漏洞，该漏洞源于未经验证的GraphQL调试服务器暴露给整个Kubernetes集群，可能导致集群范围的拒绝服务。

Description (English)

Chaos Mesh is an open-source cloud-based engineering platform for Chaos Mesh. Chaos Mesh had a bug in access control, which stemmed from the exposure of unverified GraphQL debug servers to the entire Kubernetes cluster, which could lead to cluster-wide denial of services.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

Chaos Mesh

Published

2025-09-15

Last Modified

2026-02-24

References

https://github.com/chaos-mesh/chaos-mesh/pull/4702 https://jfrog.com/blog/chaotic-deputy-critical-vulnerabilities-in-chaos-mesh-lead-to-kubernetes-cluster-takeover