← volver
CVE-2010-5142

CVE-2010-5142

EPSS 1.6%
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8http://tickets.opscode.com/browse/CHEF-1289