Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Opscode Chef 权限许可和访问控制漏洞
Vulnerability Description
Chef是由Ruby写成的形态管理软件,它以一种纯Ruby的领域专用语言(DSL)保存系统配置“食谱(recipes)”或“做饭书(cookbooks)”。Chef由Opscode开发,并在Apache协议版本2.0下开源发布。 Chef 0.9.18之前版本、0.10.2之前的0.10.x版本中的Chef Server内的chef-server-api/app/controllers/cookbooks.rb中存在漏洞,该漏洞源于更新和删除方法不需要管理权限。远程认证用户可利用该漏洞(1)借助刀菜谱上传
CVSS Information
N/A
Vulnerability Type
N/A