Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2011-5097HistoryOct 03, 2022 - 4:15 p.m.
CVE-2011-5097
2022-10-0316:15:12
Debian Security Bug Tracker
security-tracker.debian.org
8
chef server
api
admin privileges
update
destroy
remote authenticated users
cookbooks
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
EPSS
0.002
Percentile
51.5%
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | chef | < 0.10.10-1 | chef_0.10.10-1_all.deb |
Related
ubuntucve
ubuntucve
CVE-2011-5097
2012-08-08 00:00:00
cvelist
cvelist
CVE-2011-5097
2022-10-03 16:15:12
nvd
nvd
CVE-2011-5097
2012-08-08 10:26:18
cve
cve
CVE-2011-5097
2022-10-03 16:15:12
prion
prion
Command injection
2012-08-08 10:26:00
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
EPSS
0.002
Percentile
51.5%
Related for DEBIANCVE:CVE-2011-5097