Lucene search

K
nvd[email protected]NVD:CVE-2011-5097
HistoryAug 08, 2012 - 10:26 a.m.

CVE-2011-5097

2012-08-0810:26:18
CWE-264
web.nvd.nist.gov

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

51.5%

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command.

Affected configurations

NVD
Node
opscodechefRange0.9.16
OR
opscodechefMatch0.7.2
OR
opscodechefMatch0.7.4
OR
opscodechefMatch0.7.6
OR
opscodechefMatch0.7.8
OR
opscodechefMatch0.7.10
OR
opscodechefMatch0.7.12
OR
opscodechefMatch0.7.14
OR
opscodechefMatch0.8.2
OR
opscodechefMatch0.8.4
OR
opscodechefMatch0.8.6
OR
opscodechefMatch0.8.8
OR
opscodechefMatch0.8.10
OR
opscodechefMatch0.9.0
OR
opscodechefMatch0.9.2
OR
opscodechefMatch0.9.4
OR
opscodechefMatch0.9.6
OR
opscodechefMatch0.9.8
OR
opscodechefMatch0.9.10
OR
opscodechefMatch0.9.12
OR
opscodechefMatch0.9.14
OR
opscodechefMatch0.10.0

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

51.5%

Related for NVD:CVE-2011-5097