Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-10-31
Updated
2023-11-08
Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.
Max CVSS
9.9
EPSS Score
0.15%
Published
2023-10-31
Updated
2023-11-08
The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie.
Max CVSS
9.8
EPSS Score
0.81%
Published
2016-06-10
Updated
2016-06-10
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
Max CVSS
7.5
EPSS Score
0.18%
Published
2017-09-21
Updated
2021-06-28
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!