Lucene search

GoogleOSV:CVE-2023-40050

HistoryOct 31, 2023 - 3:15 p.m.

CVE-2023-40050

2023-10-3115:15:09

Google

osv.dev

cve-2023-40050

remote code execution

api

user interface

inspec

security vulnerability

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.9%

JSON

Upload profile either
through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec
check command with maliciously crafted profile allows remote code execution.

CPENameOperatorVersion
automateeq4.0.19
automateeq4.9.81
automateeq4.5.63
automateeq4.9.29
automateeq4.7.211
automateeq4.10.17
automateeq4.5.10
automateeq4.5.145
automateeq4.3.37
automateeq4.5.3

Name	Operator	Version
automate	eq	4.0.19
automate	eq	4.9.81
automate	eq	4.5.63
automate	eq	4.9.29
automate	eq	4.7.211
automate	eq	4.10.17
automate	eq	4.5.10
automate	eq	4.5.145
automate	eq	4.3.37
automate	eq	4.5.3

Rows per page:

1-10 of 11111

References

community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050

docs.chef.io/automate/profiles/

docs.chef.io/release_notes_automate/

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.9%

JSON

Related for OSV:CVE-2023-40050