The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
7.5CVSS
7.5AI Score
0.002EPSS
The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie.
9.8CVSS
9.7AI Score
0.008EPSS
Upload profile eitherthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpeccheck command with maliciously crafted profile allows remote code execution.
9.9CVSS
9AI Score
0.001EPSS
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.
8.8CVSS
7.6AI Score
0.001EPSS