3 matches found
CVE-2023-40050
CVE-2023-40050 affects Chef Automate versions prior to and including 4.10.29. A remote code execution flaw exists when uploading a profile through the API or the user interface using the InSpec check command with a maliciously crafted profile. Affected component is the profile upload pathway in C...
CVE-2025-8868
Chef Automate is affected by CVE-2025-8868 for versions earlier than 4.13.295 on Linux x86. An authenticated attacker can access restricted functionality in the compliance service through SQL injection caused by improperly neutralized inputs using a well-known token. The NVD/NIST entry indicates ...
CVE-2025-6724
CVE-2025-6724 affects Chef Automate on Linux x86, prior to 4.13.295, where an authenticated attacker can access restricted functionality in multiple services due to improperly neutralized inputs used in an SQL command. The root cause is input handling that enables SQL injection. Exploitation deta...