CVE-2015-8559

CVE-2015-8559

EPSS 1.9%

The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://discourse.chef.io/t/chef-infra-client-15-4-45-released/16081 https://github.com/chef/chef/issues/3871 https://github.com/chef/chef/pull/8885 http://www.openwall.com/lists/oss-security/2015/12/14/14