GHSA-G982-9R8G-6QXW Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink
There is a /tmp file race condition in chef/travis-cookbooks/cienvironment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 when creating /tmp/perlbrew-installer. If a malicious local user creates the file first, they can overwrite the contents with their own code, executing it as the ciborg...
CVE-2014-5003
chef/travis-cookbooks/cienvironment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer...
CVE-2011-5097
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete...
Command injection
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete...
CVE-2011-5097
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete...
CVE-2011-5097
Removed by vendor...
CVE-2011-5097
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete...