Lucene search
Veracode Vulnerability DatabaseVERACODE:5223HistoryOct 04, 2017 - 6:06 a.m.
Information Disclosure
2017-10-0406:06:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2
EPSS
0.002
Percentile
55.3%
chef is vulnerable to information disclosure. When you knife bootstrap a node, the validation key is printed into the logs found at /var/log/messages.
References
www.openwall.com/lists/oss-security/2015/12/14/14
discourse.chef.io/t/chef-infra-client-15-4-45-released/16081
github.com/chef/chef/blob/v13.5.11/lib/chef/knife/bootstrap/templates/chef-full.erb#L193
github.com/chef/chef/commit/85f3b203882d68ef77da3933c3c4790c2e6d3555
github.com/chef/chef/issues/3871
github.com/chef/chef/pull/8885
Related
prion
prion
Design/Logic Flaw
2017-09-21 14:29:00
nvd
nvd
CVE-2015-8559
2017-09-21 14:29:00
cve
cve
CVE-2015-8559
2017-09-21 14:29:00
debiancve
debiancve
CVE-2015-8559
2017-09-21 14:29:00
ubuntucve
ubuntucve
CVE-2015-8559
2017-09-21 00:00:00
cvelist
cvelist
CVE-2015-8559
2017-09-21 14:00:00