25 matches found
EUVD-2011-4998
Malware in sbrugna...
EUVD-2011-4997
Malware in sbrugna...
CVE-2011-5098
chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...
CVE-2011-5097
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to 1 upload cookbooks via a knife cookbook upload command or 2 delete...
UBUNTU-CVE-2023-28864
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...
Cooking Up Shells with Chef
I was able to compromise a Chef server on one of my recent engagements. Owning a Chef server means having the keys to the castle. I wasnt quite sure how to go about using this tool. Im familiar with Puppet as Ive spent the majority of my career on the systems side. Having never run into Chef, I...
Chef Server Hostname Detection
Binary data 7231.pasl...
Chef Server Detection
Binary data 9573.prm...
CVE-2011-5097
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to 1 upload cookbooks via a knife cookbook upload command or 2 delete...
CVE-2011-5098
chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...
CVE-2011-5097
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to 1 upload cookbooks via a knife cookbook upload command or 2 delete...
CVE-2011-5098
chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...
Command injection
chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...
CVE-2011-5098
chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...
Command injection
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to 1 upload cookbooks via a knife cookbook upload command or 2 delete...
CVE-2010-5142
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI...
CVE-2011-5097
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to 1 upload cookbooks via a knife cookbook upload command or 2 delete...
CVE-2011-5097
Removed by vendor...
CVE-2010-5142
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI...
CVE-2011-5097
The CVE-2011-5097 issue affects Chef Server’s API: chef-server-api/app/controllers/cookbooks.rb in Chef Server versions before 0.9.18 and 0.10.x before 0.10.2. The root cause is that update and destroy actions do not require administrative privileges, allowing remote authenticated users to upload...