Vulnerabilities > Chef

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-31	CVE-2023-40050	Code Injection vulnerability in Chef Automate Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution. network low complexity chef CWE-94	8.8
2023-10-31	CVE-2023-42658	Code Injection vulnerability in Chef Inspec 5.0.0 Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile. local low complexity chef CWE-94	7.8
2017-09-21	CVE-2015-8559	Information Exposure vulnerability in Chef The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages. network low complexity chef CWE-200	7.5
2016-06-10	CVE-2016-4326	Unspecified vulnerability in Chef Manage 1.11.4 The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie. network low complexity chef critical	9.8

Vulnerabilities > Chef {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Chef"}]}