CVE-2010-5142

Published: 08 Aug 2012
Source: nvd
CVSS2: 6.5
EPSS: Low

Description

chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:opscode:chef:*:*:*:*:*:*:*:*
Version up to 0.8.10 (inclusive)
cpe:2.3:a:opscode:chef:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.6:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.8:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.10:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.12:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.14:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.8.8:*:*:*:*:*:*:*

EPSS

Percentile: 60%
0.00391
Low

6.5 Medium

CVSS2

Weaknesses

CWE-264

Related vulnerabilities

ubuntu
more than 13 years ago

chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.

debian
more than 13 years ago

chef-server-api/app/controllers/users.rb in the API in Chef before 0.9 ...

github
more than 3 years ago

Chef Improper Access Control vulnerability
