Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-5098

Опубликовано: 08 авг. 2012
Источник: nvd
CVSS2: 6.5
EPSS Низкий

Описание

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the validation key and executing a knife client create command with the --admin option.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:opscode:chef:*:*:*:*:*:*:*:*
Версия до 0.9.18 (включая)
cpe:2.3:a:opscode:chef:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.5.6:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.6:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.8:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.10:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.12:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.7.14:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.8.8:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.8.10:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.8.12:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.8.14:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.8.16:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.9.10:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.9.12:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.9.14:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.9.16:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:opscode:chef:0.10.4:*:*:*:*:*:*:*

EPSS

Процентиль: 41%
0.00191
Низкий

6.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2011-5098

ubuntu
больше 13 лет назад

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the validation key and executing a knife client create command with the --admin option.

debian логотип

CVE-2011-5098

debian
больше 13 лет назад

chef-server-api/app/controllers/clients.rb in Chef Server in Chef befo ...

github логотип

GHSA-q923-fjjc-9frg

github
больше 3 лет назад

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the validation key and executing a knife client create command with the --admin option.

EPSS

Процентиль: 41%
0.00191
Низкий

6.5 Medium

CVSS2

Дефекты

CWE-264