GHSA-f68m-q26r-64f6, CVE-2010-5142
gem/chef
Chef Improper Access Control vulnerability
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.
All versions before 0.9.0
Upgrade to version 0.9.0 or above.
2024-02-09
source |