CVE-2023-40050 - Vulnerability Details - OpenCVE

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Chef	Automate

Configuration 1 [-]

cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050
https://docs.chef.io/automate/profiles/
https://docs.chef.io/release_notes_automate/

History

No history.

MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published: 2023-10-31T14:07:59.881Z

Updated: 2024-09-06T15:41:14.418Z

Reserved: 2023-08-08T19:44:41.112Z

Link: CVE-2023-40050

Vulnrichment

Updated: 2024-08-02T18:24:54.691Z

NVD

Status : Modified

Published: 2023-10-31T15:15:09.227

Modified: 2024-11-21T08:18:36.260

Link: CVE-2023-40050

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40050", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2023-08-08T19:44:41.112Z", "datePublished": "2023-10-31T14:07:59.881Z", "dateUpdated": "2024-09-06T15:41:14.418Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.chef.io/downloads", "defaultStatus": "affected", "modules": ["Automate Upload Profile"], "packageName": "Automate", "platforms": ["Linux"], "product": "Chef Automate", "repo": "https://github.com/chef/automate", "vendor": "Progress Software Corporation", "versions": [{"lessThanOrEqual": "4.10.29", "status": "affected", "version": "4.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "HackerOne - tas50"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. </p>\n\n\n\n\n\n\n\n\n\n"}], "value": "Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2023-10-31T14:07:59.881Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.chef.io/release_notes_automate/"}, {"tags": ["release-notes"], "url": "https://docs.chef.io/automate/profiles/"}, {"tags": ["vendor-advisory"], "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<strong>Solution (optional): </strong>Customers should adopt the latest releases of Automate available from the customer downloads portal.\n\n<br>"}], "value": "\nSolution (optional): Customers should adopt the latest releases of Automate available from the customer downloads portal.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<strong>Workaround (optional): </strong>Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n<br>"}], "value": "\nWorkaround (optional): Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:54.691Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://docs.chef.io/release_notes_automate/"}, {"tags": ["release-notes", "x_transferred"], "url": "https://docs.chef.io/automate/profiles/"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050"}]}, {"affected": [{"vendor": "chef", "product": "automate", "cpes": ["cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.10.29", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T15:36:39.457247Z", "id": "CVE-2023-40050", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T15:41:14.418Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://docs.chef.io/release_notes_automate/", "tags": ["release-notes", "x_transferred"]}, {"url": "https://docs.chef.io/automate/profiles/", "tags": ["release-notes", "x_transferred"]}, {"url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:54.691Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40050", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-06T15:36:39.457247Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*"], "vendor": "chef", "product": "automate", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.10.29"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T15:41:10.773Z"}}], "cna": {"title": "Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "HackerOne - tas50"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/chef/automate", "vendor": "Progress Software Corporation", "modules": ["Automate Upload Profile"], "product": "Chef Automate", "versions": [{"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.10.29"}], "platforms": ["Linux"], "packageName": "Automate", "collectionURL": "https://www.chef.io/downloads", "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "\nSolution (optional): Customers should adopt the latest releases of Automate available from the customer downloads portal.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<strong>Solution (optional): </strong>Customers should adopt the latest releases of Automate available from the customer downloads portal.\n\n<br>", "base64": false}]}], "references": [{"url": "https://docs.chef.io/release_notes_automate/", "tags": ["release-notes"]}, {"url": "https://docs.chef.io/automate/profiles/", "tags": ["release-notes"]}, {"url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "\nWorkaround (optional): Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<strong>Workaround (optional): </strong>Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. </p>\n\n\n\n\n\n\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2023-10-31T14:07:59.881Z"}}}, "cveMetadata": {"cveId": "CVE-2023-40050", "state": "PUBLISHED", "dateUpdated": "2024-09-06T15:41:14.418Z", "dateReserved": "2023-08-08T19:44:41.112Z", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "datePublished": "2023-10-31T14:07:59.881Z", "assignerShortName": "ProgressSoftware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*", "matchCriteriaId": "906C8F59-E452-439A-873A-955FC0BCFF02", "versionEndIncluding": "4.10.29", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Cargue el perfil a trav\u00e9s de API o interfaz de usuario en Chef Automate antes de la versi\u00f3n 4.10.29 incluida utilizando el comando de verificaci\u00f3n InSpec con un perfil creado con fines malintencionados que permite la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2023-40050", "lastModified": "2024-11-21T08:18:36.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security@progress.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-31T15:15:09.227", "references": [{"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050"}, {"source": "security@progress.com", "tags": ["Product"], "url": "https://docs.chef.io/automate/profiles/"}, {"source": "security@progress.com", "tags": ["Release Notes"], "url": "https://docs.chef.io/release_notes_automate/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://docs.chef.io/automate/profiles/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://docs.chef.io/release_notes_automate/"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-434"}], "source": "security@progress.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}