Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the validation key and executing a knife client create command with the --admin option.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Opscode Chef 权限许可和访问控制漏洞
Vulnerability Description
Chef是由Ruby写成的形态管理软件,它以一种纯Ruby的领域专用语言(DSL)保存系统配置“食谱(recipes)”或“做饭书(cookbooks)”。Chef由Opscode开发,并在Apache协议版本2.0下开源发布。 Chef 0.9.20之前版本和0.10.6之前的0.10.x版本中的Chef Server内的chef-server-api/app/controllers/clients.rb中存在漏洞,该漏洞源于创建管理用户不需要管理特权。远程认证用户可利用验证密钥读取权限绕过目地访问限制
CVSS Information
N/A
Vulnerability Type
N/A