Lucene search

K

GitHub Advisory DatabaseGHSA-F68M-Q26R-64F6

HistoryMay 17, 2022 - 5:26 a.m.

Chef Improper Access Control vulnerability

2022-05-1705:26:20

CWE-284

GitHub Advisory Database

github.com

1

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.4%

chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.

Affected configurations

Vulners

Node

chefchefRange<0.9.0

CPENameOperatorVersion
cheflt0.9.0

References

tickets.opscode.com/browse/CHEF-1289

github.com/advisories/GHSA-f68m-q26r-64f6

github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8

github.com/rubysec/ruby-advisory-db/blob/master/gems/chef/CVE-2010-5142.yml

nvd.nist.gov/vuln/detail/CVE-2010-5142

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.4%

Related for GHSA-F68M-Q26R-64F6

prion1 cvelist1 debiancve1 osv1 cve1 ubuntucve1 nvd1