Lucene search
+L

25 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-4997

Malware in sbrugna...

5.5CVSS6.4AI score0.01423EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2011-4998

Malware in sbrugna...

6.5CVSS6.4AI score0.01681EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/05/22 9:56 a.m.10 views

CVE-2011-5098

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...

6.5CVSS6.7AI score0.01681EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 1:46 a.m.10 views

CVE-2011-5097

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to 1 upload cookbooks via a knife cookbook upload command or 2 delete...

5.5CVSS6.8AI score0.01423EPSS
Exploits0References1
osv
osv
added 2023/07/17 8:15 p.m.7 views

UBUNTU-CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

5.5CVSS5.8AI score0.00247EPSS
Exploits0References5
coalfire
coalfire
added 2018/04/30 6:37 p.m.16 views

Cooking Up Shells with Chef

I was able to compromise a Chef server on one of my recent engagements. Owning a Chef server means having the keys to the castle. I wasnt quite sure how to go about using this tool. Im familiar with Puppet as Ive spent the majority of my career on the systems side. Having never run into Chef, I...

0.7AI score
Exploits0
nessus
nessus
added 2016/09/22 12:0 a.m.13 views

Chef Server Hostname Detection

Binary data 7231.pasl...

7.3AI score
Exploits0References1
nessus
nessus
added 2016/09/22 12:0 a.m.16 views

Chef Server Detection

Binary data 9573.prm...

7.3AI score
Exploits0References1
nvd
nvd
added 2012/08/08 10:26 a.m.16 views

CVE-2011-5098

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...

6.5CVSS6.4AI score0.01681EPSS
Exploits1References2
nvd
nvd
added 2012/08/08 10:26 a.m.20 views

CVE-2011-5097

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to 1 upload cookbooks via a knife cookbook upload command or 2 delete...

5.5CVSS6.5AI score0.01423EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2012/08/08 10:26 a.m.20 views

CVE-2011-5098

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...

6.5CVSS5.9AI score0.01681EPSS
Exploits1References1
prion
prion
added 2012/08/08 10:26 a.m.13 views

Command injection

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to 1 upload cookbooks via a knife cookbook upload command or 2 delete...

5.5CVSS7AI score0.01423EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2012/08/08 10:26 a.m.2 views

CVE-2011-5098

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...

6.5CVSS5.6AI score0.01681EPSS
Exploits1References3
ubuntucve
ubuntucve
added 2012/08/08 10:26 a.m.25 views

CVE-2011-5097

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to 1 upload cookbooks via a knife cookbook upload command or 2 delete...

5.5CVSS5.9AI score0.01423EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2012/08/08 10:26 a.m.32 views

CVE-2010-5142

chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI...

6.5CVSS5.9AI score0.0157EPSS
Exploits0References1
attackerkb
attackerkb
added 2012/08/08 10:26 a.m.4 views

CVE-2011-5097

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to 1 upload cookbooks via a knife cookbook upload command or 2 delete...

5.5CVSS5.6AI score0.01423EPSS
Exploits0References3
prion
prion
added 2012/08/08 10:26 a.m.11 views

Command injection

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...

6.5CVSS6.9AI score0.01681EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2012/08/08 10:0 a.m.22 views

CVE-2011-5097

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to 1 upload cookbooks via a knife cookbook upload command or 2 delete...

6.5AI score0.01423EPSS
Exploits0References2
cve
cve
added 2012/08/08 10:0 a.m.51 views

CVE-2011-5098

The CVE-2011-5098 issue affects Chef Server (chef-server-api/app/controllers/clients.rb) where authentication bypass could occur because admin privileges were not required to create admin clients. A remote authenticated user could exploit read access to the validation key and run knife client cre...

6.5CVSS6.6AI score0.01681EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2012/08/08 10:0 a.m.16 views

CVE-2010-5142

chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI...

6.3AI score0.0157EPSS
Exploits0References2
Rows per page
Query Builder