CVE-2024-36538
HIGHDescription
Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| chaos-mesh | chaos_mesh |
References
Frequently Asked Questions
What is CVE-2024-36538? +
How severe is CVE-2024-36538? +
What products are affected by CVE-2024-36538? +
How do I check if I'm vulnerable to CVE-2024-36538? +
Related Vulnerabilities
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus …
IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor …
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build …
The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated …
The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated …