3 matches found
CVE-2016-4326
The Chef Manage formerly opscode-manage add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie...
CVE-2016-4326
The CVE-2016-4326 vulnerability affects the Chef Manage (formerly opscode-manage) add-on for Chef, where versions up to and including 1.11.4 deserialize cookie data insecurely. The underlying issue is deserialization of untrusted cookie data, which can be exploited by an unauthenticated remote at...
Chef Manage deserializes cookie data insecurely
Overview Chef Manage add-on, version 1.11.4 and earlier, deserializes cookie data insecurely, which may be leveraged to gain unauthenticated remote code execution. Description CWE-502: Deserialization of Untrusted Data - CVE-2016-4326Chef with the Chef Manage previously known as 'opscode-manage'...