Chef Security Vulnerabilities

CVE-2015-8559

The knife bootstrap command in Chef Infra Client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.

7.5 CVSS

7.5 AI Score

0.002 EPSS

2017-09-21 02:29 PM

CVE-2016-4326

The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie.

9.8 CVSS

9.7 AI Score

0.008 EPSS

2016-06-10 01:59 AM

CVE-2023-40050

Uploading a profile, either through the API or the user interface, in Chef Automate prior to and including version 4.10.29, using the InSpec check command with a maliciously crafted profile, allows remote code execution.

9.9 CVSS

9 AI Score

0.001 EPSS

2023-10-31 03:15 PM

CVE-2023-42658

The archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allows local command execution via a maliciously crafted profile.

8.8 CVSS

7.6 AI Score

0.001 EPSS

2023-10-31 03:15 PM