Vulnerabilities > CVE-2016-4326 - Remote Code Execution vulnerability in Chef Manage add-on

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
chef

Summary

The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie. <a href="http://cwe.mitre.org/data/definitions/502.html">CWE-502: Deserialization of Untrusted Data</a>

Vulnerable Configurations

Part Description Count
Application
Chef
1