CVE-2010-5142

Chef Improper Access Control vulnerability in gem/chef

Identifiers

GHSA-f68m-q26r-64f6, CVE-2010-5142

Package Slug

gem/chef

Vulnerability

Chef Improper Access Control vulnerability

Description

chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.

Affected Versions

All versions before 0.9.0

Solution

Upgrade to version 0.9.0 or above.

Last Modified

2024-02-09

source