3 matches found
CVE-2010-5142
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI...
CVE-2010-5142
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI...
CVE-2010-5142
The CVE-2010-5142 entry concerns Chef’s API (chef-server-api/app/controllers/users.rb) prior to version 0.9.0. The root cause is that create, destroy, and update operations did not require administrative privileges, allowing remote authenticated users to manage other user accounts via requests to...