Chef: Security Vulnerabilities
Upload profile either
through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec
check command with maliciously crafted profile allows remote code execution.
CVSS Score
9.9
EPSS Score
0.099
Published
2023-10-31
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-31
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-09-21
The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie.
CVSS Score
9.8
EPSS Score
0.024
Published
2016-06-10