3 matches found
CVE-2011-5098
The CVE-2011-5098 issue affects Chef Server (chef-server-api/app/controllers/clients.rb), where an authentication bypass could occur because admin privileges were not required to create admin clients. A remote authenticated user could exploit read access to the validation key and run knife client cre...
CVE-2010-5142
The CVE-2010-5142 entry concerns Chef’s API (chef-server-api/app/controllers/users.rb) prior to version 0.9.0. The root cause is that create, destroy, and update operations did not require administrative privileges, allowing remote authenticated users to manage other user accounts via requests to...
CVE-2011-5097
The CVE-2011-5097 issue affects Chef Server’s API: chef-server-api/app/controllers/cookbooks.rb in Chef Server versions before 0.9.18 and 0.10.x before 0.10.2. The root cause is that update and destroy actions do not require administrative privileges, allowing remote authenticated users to upload...