← back
CVE-2010-5142

CVE-2010-5142

EPSS 1.6%
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8http://tickets.opscode.com/browse/CHEF-1289