Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.5
CVE Id: CVE-2010-5142
Last Modified: 13 Aug 2012 12:00:00
Published: 08 Aug 2012 06:26:17
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2010-5142

Summary

chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.

Vulnerable Systems

Application

  • Opscode Chef 0.7.10
  • Opscode Chef 0.7.12
  • Opscode Chef 0.7.14
  • Opscode Chef 0.7.2
  • Opscode Chef 0.7.4
  • Opscode Chef 0.7.6
  • Opscode Chef 0.7.8
  • Opscode Chef 0.8.10
  • Opscode Chef 0.8.2
  • Opscode Chef 0.8.4
  • Opscode Chef 0.8.6
  • Opscode Chef 0.8.8


References

CONFIRM - https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8

CONFIRM - http://tickets.opscode.com/browse/CHEF-1289


Last Updated: 27 May 2016 10:53:34