Upload profile either
through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec
check command with maliciously crafted profile allows remote code execution.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: ProgressSoftware
Published: 2023-10-31T14:07:59.881Z
Updated: 2024-09-06T15:41:14.418Z
Reserved: 2023-08-08T19:44:41.112Z
Link: CVE-2023-40050
Vulnrichment
Updated: 2024-08-02T18:24:54.691Z
NVD
Status : Modified
Published: 2023-10-31T15:15:09.227
Modified: 2024-11-21T08:18:36.260
Link: CVE-2023-40050
Redhat
No data.