Chaotic Deputy: Chaos Mesh Critical GraphQL Flaws — Vulnerability Analysis Report By CyberDudeBivash — Kubernetes & Cloud-Native Threat Intelligence

-

 


cyberdudebivash.com | cyberbivash.blogspot.com | cryptobivash.code.blog

 Executive Summary

Researchers at JFrog Security recently discovered a set of critical vulnerabilities in Chaos Mesh, a popular chaos-engineering platform for Kubernetes. The vulnerabilities (collectively dubbed Chaotic Deputy) include authentication bypass and OS command injection flaws in the GraphQL debugging interface of Chaos Mesh’s Controller Manager. research.jfrog.com+3JFrog+3The Hacker News+3

These flaws allow an adversary with only in-cluster network access (e.g., a compromised pod) to execute arbitrary commands or kill processes across pods—including high-privilege or control plane pods—and potentially take over the entire Kubernetes cluster. Users of Chaos Mesh versions earlier than 2.7.3 are affected. JFrog+2The Hacker News+2

This report from CyberDudeBivash breaks down how these vulnerabilities work, the risk to cloud-native infrastructures, detection methods, patching guidance, and long-term Kubernetes security hardening.

 Vulnerability Details & CVEs

Below are the core vulnerabilities disclosed:

CVESeverity / CVSS*Description
CVE-2025-59358High (≈ 7.5)Missing authentication on Chaos Controller Manager’s GraphQL debugging server. The /query endpoint is unauthenticated; allows process termination (killProcesses) — risk of cluster-wide DoS. NVD+2Feedly+2
CVE-2025-59359Critical (≈ 9.8)Command injection via cleanTcs mutation. Unprivileged attacker can supply arbitrary device names, appended commands to execute on target pods. JFrog+1
CVE-2025-59360Critical (≈ 9.8)Similar OS command injection in killProcesses mutation. JFrog+1
CVE-2025-59361Critical (≈ 9.8)cleanIptables mutation command injection. Attackers can flush or modify iptables chains, affecting network traffic inside the cluster. JFrog+1

* CVSS as per JFrog Security / GitHub Advisory / NVD sources. The Hacker News+2NVD+2

 Attack Vector & Preconditions

To exploit these vulnerabilities, an attacker needs:

  • In-cluster network access: an unprivileged pod or attacker inside the Kubernetes network able to reach the Controller Manager’s GraphQL endpoint. JFrog+2The Hacker News+2

  • The Chaos Mesh Controller Manager with the GraphQL server enabled (default for many installations). JFrog

  • Access to namespace where Chaos Mesh is installed, or ability to send GraphQL requests to the controller manager.

  • If OS command injection is successful, further ability to escalate privileges, access service account tokens, or access nodes/pod file systems. JFrog+1

 Potential Impacts

  • Full cluster compromise: Attackers could use the exposed GraphQL mutations to kill critical pods (control plane components, API server, etc.), exfiltrate sensitive secrets/data, or use service account tokens to move laterally.

  • Denial of Service (DoS): Simply killing essential process pods can take down the cluster or degrade service.

  • Credential / Token Theft: Through OS command injection, service account tokens stored in pod file systems under /var/run/secrets/kubernetes.io/... can be accessed. JFrog+1

  • Disruption of operations: Chaos Mesh is used in many resilience / chaos-engineering workflows; compromise here could also disrupt deployment pipelines, observability, or monitoring systems.

 Affected Versions & Patch Information

  • Affected: Chaos Mesh versions before 2.7.3 (i.e., up to 2.7.2 and earlier) are vulnerable. JFrog+1

  • Patched version: 2.7.3 contains fixes for all the Chaotic Deputy vulnerabilities. JFrog+2The Hacker News+2

 Detection & Indicators of Compromise (IoCs)

Here are key signals to hunt for:

Network / Pod Information

  • Pods in the chaos-mesh (or whatever namespace used) running with Controller Manager image version < 2.7.3. JFrog

  • Presence of port 10082 open on chaos-controller-manager (GraphQL server) and accessible from other pods. JFrog+1

Behavioral / GraphQL Mutations

  • GraphQL requests to /query endpoint without authentication.

  • Mutation calls: killProcesses, cleanTcs, cleanIptables, or other mutation invocations with passed device or pod parameters.

Commands / Process actions

  • Execution of iptables, tc or other system commands via Chaos Mesh.

  • New creation of pods or jobs that copy files from /proc/<PID>/root/var/run/secrets/... (serviceaccount token paths) to accessible directories.

Logs

  • Audit logs or Kubernetes API server logs showing CrashLoop or abnormal pod shutdowns.

  • Chaos Mesh controller manager logs containing unauthenticated GraphQL calls.

 Detection Rule Samples

Here are sample detection rules for SIEM/EDR:

Sigma-style rule for discovering GraphQL mutation calls without auth:

title: Chaos Mesh GraphQL Mutation without Authentication
id: cdb1-chaotic-deputy-unauth-mutation
status: experimental
description: Detects GraphQL mutation request to Chaos Controller Manager from pods without proper RBAC or auth
logsource:
  product: http
  service: web
detection:
  selection:
    url_path: "/query"
    http_method: POST
    request_body|contains:
      - "mutation killProcesses"
      - "mutation cleanTcs"
      - "mutation cleanIptables"
  condition: selection
level: critical
tags:
  - attack.command_injection
  - attack.rce
  - cloud.k8s

Kubernetes audit / network policy rule:

  • Monitor ingress from pods (not in chaos-mesh namespace) to Controller Manager port 10082.

  • Alert when any pod outside expected list connects to GraphQL debug interface.

 Mitigation & Emergency Fixes

If you’re running Chaos Mesh, here are immediate remediation steps:

  1. Upgrade to version 2.7.3 immediately. This is the official fixed version. JFrog+1

  2. If you cannot upgrade right now, disable the GraphQL control server / disable chaosctl / disable enableCtrlServer via the Helm chart. Set enableCtrlServer=false. JFrog+1

  3. Restrict network access to the Controller Manager: use NetworkPolicies to limit access to only trusted namespaces or pods.

  4. Limit exposure: bind the GraphQL endpoint only to localhost or internal trusted IPs.

  5. Audit and rotate service account tokens if you suspect compromise due to prior exposure.

 Long-Term Defense & Best Practices

  • Regularly scan your Kubernetes components (including chaos-engineering tools) for CVEs. Tools like K8s vulnerability scanners / CNAPP / CISA / cloud vendor advisories.

  • Apply least privilege for pods using Chaos Mesh; ensure that pods do not carry unnecessary permissions or wide RBAC roles.

  • Use Mutating Admission Webhooks to enforce security policies and block unsafe configurations.

  • Log and monitor GraphQL usage, even when disabled; ensure that audit logs include origin pod info for requests.

  • Apply network segmentation: separate namespaces, restrict inter-namespace traffic, apply pod security policies or equivalent.

 CyberDudeBivash Recommendations

  • Immediately review all clusters using Chaos Mesh; create an inventory of versions, exposure status.

  • Run exploit simulations (in safe test clusters) to understand blast radius.

  • Incorporate Chaotic Deputy CVEs into your IOC feed / signature library.

  • Provide training for node / cluster admins & DevOps teams about risks of debug endpoints and command injection.


#CyberDudeBivash #ChaosMesh #ChaoticDeputy #KubernetesSecurity #GraphQLFlaw #RemoteCodeExecution #CloudNative #ThreatIntel #DevSecOps #VulnerabilityAnalysis


Conclusion

The Chaotic Deputy vulnerabilities in Chaos Mesh represent a severe risk to Kubernetes environments around the world. Because the entry requirement is only in-cluster network access (which many pods already have), the potential for compromise is high. Organizations must act now — patch, restrict access, and audit.

CyberDudeBivash will continue tracking exploitation activity and publish IOCs, detection rules, and monitoring scripts in our ThreatWire feed. If you want, I can build an IOC pack + Sigma / YARA rules specifically for "Chaotic Deputy" for your security team.

Comments

Post a Comment

Popular posts from this blog

CyberDudeBivash Rapid Advisory — WordPress Plugin: Social-Login Authentication Bypass (Threat Summary & Emergency Playbook)

-
Image
  TL;DR: A class of vulnerabilities in WordPress social-login / OAuth plugins can let attackers bypass normal authentication flows and obtain an administrative session (or create admin users) by manipulating OAuth callback parameters, reusing stale tokens, or exploiting improper validation of the identity assertions returned by providers. If you run a site that accepts social logins (Google, Facebook, Apple, GitHub, etc.), treat this as high priority : audit, patch, or temporarily disable social login until you confirm your plugin is safe. This advisory gives you immediate actions, detection steps, mitigation, and recovery guidance. Why this matters (short) Social-login plugins often accept externally-issued assertions (OAuth ID tokens, authorization codes, user info). If the plugin fails to validate provider signatures, nonce/state values, redirect URIs, or maps identities to local accounts incorrectly , attackers can craft requests that the site accepts as authenticated. ...
Read more

Hackers Injecting Malicious Code into GitHub Actions to Steal PyPI Tokens CyberDudeBivash — Threat Brief & Defensive Playbook

-
Image
  SUMMARY  Attackers are modifying GitHub Actions workflows (via compromised accounts, malicious PRs, or forged commits) to add steps that exfiltrate PyPI (or other package registry) publishing tokens. With those tokens they publish backdoored packages or download private packages — a supply-chain multiplier. Defend by eliminating long-lived secrets, switching to OIDC/ephemeral credentials, hardening workflow controls, monitoring workflow changes and secret usage, and rotating tokens immediately if you suspect compromise. How attackers typically operate  Gain write access to repo or CI/CD config (via compromised developer account, stolen token, privilege abuse, or merge of malicious PR). Modify or add a workflow file that runs in the repo’s runner context (self-hosted or GitHub-hosted). Add steps that read repository secrets (e.g., PYPI_TOKEN ) or create credentials files ( ~/.pypirc ), then send the token to attacker-controlled endpoints or push a malicious p...
Read more

Exchange Hybrid Warning: CVE-2025-53786 can cascade into domain compromise (on-prem ↔ M365) By CyberDudeBivash — Cybersecurity & AI

-
Image
  Executive summary CVE-2025-53786 is a post-authentication elevation of privilege in Microsoft Exchange hybrid deployments . If an attacker first gains admin on an on-prem Exchange server , they can abuse the legacy “shared service principal” trust used by Hybrid Configuration to escalate into Exchange Online —potentially leading to full cloud+on-prem domain compromise . CISA issued Emergency Directive ED-25-02 with a deadline of 9:00 a.m. EDT on August 11, 2025 for U.S. federal agencies; Microsoft urges all hybrid customers to take the same steps: apply the April 2025 Hotfix Updates , migrate to the dedicated Exchange Hybrid app , and reset/clean up service principal credentials . cisa.gov +1 TECHCOMMUNITY.MICROSOFT.COM +1 Why this is dangerous: actions initiated from the on-prem Exchange side may not show up as obviously malicious in M365 audit trails, making cloud abuse harder to spot if you’ve not modernized the trust. TechRadar What is actually vulnerable? (trust...
Read more