Filtered by vendor Chef
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8559 | 1 Chef | 1 Chef | 2025-04-20 | 7.5 High |
| The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages. | ||||
| CVE-2016-4326 | 1 Chef | 1 Chef Manage | 2025-04-12 | N/A |
| The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie. | ||||
| CVE-2023-42658 | 1 Chef | 1 Inspec | 2024-11-21 | 8.8 High |
| Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile. | ||||
| CVE-2023-40050 | 1 Chef | 1 Automate | 2024-11-21 | 9.9 Critical |
| Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution. | ||||
Page 1 of 1.