Lucene search
K

9 matches found

EUVD
EUVD
added 2026/06/19 12:31 a.m.10 views

EUVD-2026-37955

Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass...

9.4CVSS5.2AI score0.00401EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 12:31 a.m.9 views

EUVD-2026-37956

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

5.1CVSS5.2AI score0.0017EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 10:16 p.m.12 views

CVE-2026-8668

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

5.1CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 9:19 p.m.8 views

CVE-2026-8668

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

5.1CVSS5.2AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 9:19 p.m.22 views

CVE-2026-8668 Hardcoded credentials in embedded content

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

5.1CVSS0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 9:19 p.m.20 views

CVE-2026-8668

CVE-2026-8668 concerns Chef 360 prior to v1.7.0, where a static credential embedded in the product allowed unauthenticated access to internal message queues containing tenant-specific identifiers. The underlying issue is a hardcoded credential that enables access without authentication; later ver...

5.1CVSS5.2AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 9:18 p.m.18 views

CVE-2026-8100

Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass...

9.4CVSS0.00401EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 9:18 p.m.21 views

CVE-2026-8100

CVE-2026-8100 affects Chef 360. The issue arises from improper handling of URL-encoded paths during request processing, allowing an authenticated request to bypass standard access controls and access higher-privilege API endpoints under certain conditions. Impact is deployment/configuration depen...

9.4CVSS5.2AI score0.00401EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.16 views

PT-2026-50803

Name of the Vulnerable Software and Affected Versions Chef 360 versions prior to 1.7.1 Description Improper handling of URL-encoded paths during request processing can allow unauthorized access to protected API endpoints. An authenticated request may bypass standard access controls to gain...

9.4CVSS5.9AI score0.00401EPSS
Exploits0References3
Rows per page
Query Builder