Lucene search
Ubuntu.comUB:CVE-2011-5097HistoryAug 08, 2012 - 12:00 a.m.
CVE-2011-5097
2012-08-0800:00:00
ubuntu.com
ubuntu.com
7
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
EPSS
0.002
Percentile
51.5%
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before
0.9.18, and 0.10.x before 0.10.2, does not require administrative
privileges for the update and destroy methods, which allows remote
authenticated users to (1) upload cookbooks via a knife cookbook upload
command or (2) delete cookbooks via a knife cookbook delete command.
Bugs
Related
cvelist
cvelist
CVE-2011-5097
2022-10-03 16:15:12
nvd
nvd
CVE-2011-5097
2012-08-08 10:26:18
cve
cve
CVE-2011-5097
2022-10-03 16:15:12
debiancve
debiancve
CVE-2011-5097
2022-10-03 16:15:12
prion
prion
Command injection
2012-08-08 10:26:00
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
EPSS
0.002
Percentile
51.5%
Related for UB:CVE-2011-5097