Lucene search
ProgressSoftwareCVE-2023-42658HistoryOct 31, 2023 - 3:15 p.m.
CVE-2023-42658
2023-10-3115:15:09
CWE-917
CWE-94
ProgressSoftware
web.nvd.nist.gov
35
chef
inspec
cve-2023-42658
security
profile
command execution
CVSS3
8.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
7.6
Confidence
High
EPSS
0.001
Percentile
28.3%
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.
Affected configurations
Node
chefinspecRange<4.56.58
ORchefinspecRange5.0.0–5.22.29
CNA Affected
[
{
"collectionURL": "https://community.chef.io/downloads/tools/inspec?os=windows",
"defaultStatus": "affected",
"modules": [
"InSpec Archive",
"InSpec Check",
"InSpec Export"
],
"packageName": "InSpec",
"platforms": [
"Windows",
"Linux",
"MacOS"
],
"product": "Chef InSpec",
"repo": "https://github.com/inspec/inspec",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "4.56.58 ",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "5.22.29",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
]Related
nvd
nvd
CVE-2023-42658
2023-10-31 15:15:09
prion
prion
Command injection
2023-10-31 15:15:00
cvelist
cvelist
vulnrichment
vulnrichment
CVSS3
8.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
7.6
Confidence
High
EPSS
0.001
Percentile
28.3%
Related for CVE-2023-42658