Chef Security Vulnerabilities and Issues — Chef CVE List

Lucene search

OpscodeChef

3 matches found

CVE•added 2012/08/08 10:26 a.m.•39 views

CVE-2011-5098

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the vali...

6.5CVSS6.6AI score0.00191EPSS

CVE•added 2012/08/08 10:26 a.m.•33 views

CVE-2010-5142

chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.

6.5CVSS6.5AI score0.00391EPSS

CVE•added 2012/08/08 10:26 a.m.•27 views

CVE-2011-5097

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) dele...

5.5CVSS6.7AI score0.00391EPSS