← voltar
CVE-2010-5142

CVE-2010-5142

EPSS 1.6%
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8http://tickets.opscode.com/browse/CHEF-1289