CNNVD-202512-880 Information

CNNVD ID

CNNVD-202512-880

CVE-2025-14261

  • CNNVD Published: 2025-12-08

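Description (translated from Chinese)

LitmusChaos is an open-source program from Litmus Chaos for practicing chaos engineering in a cloud-native way. LitmusChaos contains a security feature vulnerability that stems from the JWT signing key being too short, which may lead to authentication bypass.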

Description (English)

LitmusChaos is an open-source, cloud-native chaos engineering tool from Litmus Chaos. It has a security feature vulnerability: the JWT signing key is too short, which may allow authentication to be bypassed.

Hazard Level

Medium

Vulnerability Type

Security feature issue

Affected Vendor

Litmus Chaos

Published

2025-12-08

Last Modified

2026-02-24

References

  • https://research.jfrog.com/vulnerabilities/litmus-jwt-missing-entropy-elevation-jfsa-2025-001648159/
  • https://github.com/litmuschaos/litmus/pull/5324
  • https://access.redhat.com/security/cve/cve-2025-14261
