15 matches found
CVE-2025-6723
Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially...
EUVD-2025-206578
Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially resulting in elevated...
CVE-2025-6723 Untrusted user data can lead to privilege escalation
Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially...
CVE-2025-6723 Untrusted user data can lead to privilege escalation
Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially...
CVE-2025-6723
CVE-2025-6723 : Red Hat and NVD entries describe that Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker could interfere with the pipe connection process and exploit insufficient access restrictions to assume the InSpec exec...
CVE-2025-6723
Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially...
Chef InSpec authorization issue vulnerability
Chef InSpec is an open-source automation testing and compliance checking framework developed by Chef Inc. It aims to assist developers and operations teams in writing, running, and maintaining automated test scripts to verify the compliance and security of applications and infrastructure. Chef...
EUVD-2023-47091
Malicious code in bioql PyPI...
CVE-2023-42658
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile...
CVE-2023-42658
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile...
CVE-2023-42658
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile...
Command injection
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile...
CVE-2023-42658 InSpec Archive Command Vulnerable to Maliciously Crafted Profile
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile...
PT-2023-28487 · Chef · Chef Inspec
Name of the Vulnerable Software and Affected Versions: Chef InSpec versions prior to 4.56.58 Chef InSpec versions prior to 5.22.29 Description: The issue allows local command execution via maliciously crafted profiles, specifically affecting the archive, check, and export commands in Chef InSpec...
Chef InSpec Code Injection Vulnerability
Chef Software Chef InSpec is an open source automated testing and compliance checking framework from Chef Software designed to help developers and operations teams write, run, and maintain automated test scripts to validate the compliance and security of applications and infrastructure. A securit...