Description
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
Packages
| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| chef | removed | | | package |
| chef | ignored | | buster | package |
| chef | ignored | | stretch | package |
| chef | ignored | | jessie | package |
| chef | ignored | | wheezy | package |
Notes
https://github.com/chef/chef/issues/3871
https://github.com/chef/chef/pull/8885
https://www.openwall.com/lists/oss-security/2015/12/14/10
Workaround: use validatorless bootstrapping
EPSS
Percentile: 60%
0.00395
Low
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 8 years ago
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
CVSS3: 7.5
nvd
more than 8 years ago
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
CVSS3: 7.5
github
more than 3 years ago
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.