28 matches found
Chef Automate < 4.13.295 — SQL Injection
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token. id: CVE-2025-8868 info...
VulnCheck KEV: CVE-2025-8868
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token...
EUVD-2023-44657
Malicious code in bioql PyPI...
EUVD-2025-31570
Malicious code in bioql PyPI...
EUVD-2025-31571
Malicious code in bioql PyPI...
CVE-2025-6724
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command...
CVE-2025-8868
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token...
CVE-2025-8868
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token...
CVE-2025-8868
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token...
CVE-2025-6724
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command...
CVE-2025-6724
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command...
CVE-2025-8868 Chef Automate compliance service SQL Injection Vulnerability
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token...
CVE-2025-8868
Chef Automate is affected by CVE-2025-8868 for versions earlier than 4.13.295 on Linux x86. An authenticated attacker can access restricted functionality in the compliance service through SQL injection caused by improperly neutralized inputs using a well-known token. The NVD/NIST entry indicates ...
CVE-2025-8868 Chef Automate compliance service SQL Injection Vulnerability
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token...
CVE-2025-6724 Chef Automate SQL Injection Vulnerability
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command...
CVE-2025-6724
CVE-2025-6724 affects Chef Automate on Linux x86, prior to 4.13.295, where an authenticated attacker can access restricted functionality in multiple services due to improperly neutralized inputs used in an SQL command. The root cause is input handling that enables SQL injection. Exploitation deta...
CVE-2025-6724 Chef Automate SQL Injection Vulnerability
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command...
PT-2025-39824
Name of the Vulnerable Software and Affected Versions Chef Automate versions prior to 4.13.295 Description An authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service. This is due to improperly neutralized inputs used in an SQL command utilizing a...
Chef Software Chef Automate SQL注入漏洞
Chef Software Chef Automate is an automation platform from Chef Software for automating and managing infrastructure, applications, and compliance to help organizations achieve continuous delivery, automated operations, and security compliance. A SQL injection vulnerability exists in Chef Software...
PT-2025-39823
Name of the Vulnerable Software and Affected Versions Chef Automate versions prior to 4.13.295 Description Chef Automate versions earlier than 4.13.295 on Linux x86 are susceptible to a condition where an authenticated attacker can access restricted functionality. This is due to improperly...