Chef : Security Vulnerabilities, CVEs,
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-10-31
Updated
2023-11-08
Upload profile either
through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec
check command with maliciously crafted profile allows remote code execution.
Max CVSS
9.9
EPSS Score
0.15%
Published
2023-10-31
Updated
2023-11-08
The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie.
Max CVSS
9.8
EPSS Score
0.81%
Published
2016-06-10
Updated
2016-06-10
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
Max CVSS
7.5
EPSS Score
0.18%
Published
2017-09-21
Updated
2021-06-28
4 vulnerabilities found