Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published: 2023-10-31T14:07:59.881Z

Updated: 2024-09-06T15:41:14.418Z

Reserved: 2023-08-08T19:44:41.112Z

Link: CVE-2023-40050

cve-icon Vulnrichment

Updated: 2024-08-02T18:24:54.691Z

cve-icon NVD

Status : Modified

Published: 2023-10-31T15:15:09.227

Modified: 2024-11-21T08:18:36.260

Link: CVE-2023-40050

cve-icon Redhat

No data.