Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-5097
HistoryAug 08, 2012 - 12:00 a.m.

CVE-2011-5097

2012-08-0800:00:00
ubuntu.com
ubuntu.com
6

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

EPSS

0.002

Percentile

51.5%

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before
0.9.18, and 0.10.x before 0.10.2, does not require administrative
privileges for the update and destroy methods, which allows remote
authenticated users to (1) upload cookbooks via a knife cookbook upload
command or (2) delete cookbooks via a knife cookbook delete command.

Bugs

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

EPSS

0.002

Percentile

51.5%

Related for UB:CVE-2011-5097