Lucene search

[email protected]NVD:CVE-2011-5097

HistoryAug 08, 2012 - 10:26 a.m.

CVE-2011-5097

2012-08-0810:26:18

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

51.5%

JSON

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command.

Affected configurations

Nvd

Node

opscodechefRange≤0.9.16

opscodechefMatch0.7.2

opscodechefMatch0.7.4

opscodechefMatch0.7.6

opscodechefMatch0.7.8

opscodechefMatch0.7.10

opscodechefMatch0.7.12

opscodechefMatch0.7.14

opscodechefMatch0.8.2

opscodechefMatch0.8.4

opscodechefMatch0.8.6

opscodechefMatch0.8.8

opscodechefMatch0.8.10

opscodechefMatch0.9.0

opscodechefMatch0.9.2

opscodechefMatch0.9.4

opscodechefMatch0.9.6

opscodechefMatch0.9.8

opscodechefMatch0.9.10

opscodechefMatch0.9.12

opscodechefMatch0.9.14

opscodechefMatch0.10.0

References

tickets.opscode.com/browse/CHEF-2436

github.com/opscode/chef/commit/a4ea6edab2fecb922f999cffb0daa04eeeec7a26

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

51.5%

JSON

Related for NVD:CVE-2011-5097

ubuntucve1 cvelist1 debiancve1 cve1 prion1