Lucene search

K
cvelistMitreCVELIST:CVE-2011-5097
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-5097

2022-10-0316:15:12
mitre
www.cve.org
1
cve-2011-5097
chef server
administrative privileges
remote authenticated users
upload cookbooks
delete cookbooks

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

51.5%

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command.

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

51.5%

Related for CVELIST:CVE-2011-5097