Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2011-5097
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-5097

2022-10-0316:15:12
Debian Security Bug Tracker
security-tracker.debian.org
6
chef server
api
admin privileges
update
destroy
remote authenticated users
cookbooks

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

EPSS

0.002

Percentile

51.5%

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command.

OSVersionArchitecturePackageVersionFilename
Debian10allchef< 0.10.10-1chef_0.10.10-1_all.deb

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

EPSS

0.002

Percentile

51.5%

Related for DEBIANCVE:CVE-2011-5097