Vulnerabilities > Chef > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-31 | CVE-2023-40050 | Code Injection vulnerability in Chef Automate Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution. | 8.8 |
| 2023-10-31 | CVE-2023-42658 | Code Injection vulnerability in Chef Inspec 5.0.0 Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile. | 7.8 |
| 2017-09-21 | CVE-2015-8559 | Information Exposure vulnerability in Chef The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages. | 7.5 |