Skip to content

Commit fbb0848

Browse files
jasnowRubySec CI
jasnow
authored and
RubySec CI
committed
Updated advisory posts against rubysec/ruby-advisory-db@0387f6f 
1 parent 79c9c1f commit fbb0848

File tree

1 file changed

+29
-0
lines changed

1 file changed

+29
-0
lines changed

advisories/_posts/2012-08-08-CVE-2010-5142.md

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
---
2+
layout: advisory
3+
title: 'CVE-2010-5142 (chef): Chef Improper Access Control Vulnerability'
4+
comments: false
5+
categories:
6+
- chef
7+
advisory:
8+
gem: chef
9+
cve: 2010-5142
10+
ghsa: f68m-q26r-64f6
11+
url: https://github.com/advisories/GHSA-f68m-q26r-64f6
12+
title: Chef Improper Access Control Vulnerability
13+
date: 2012-08-08
14+
description: |
15+
`chef-server-api/app/controllers/users.rb` in the API in Chef before
16+
0.9.0 does not require administrative privileges for the create,
17+
destroy, and update methods, which allows remote authenticated
18+
users to manage user accounts via requests to the /users URI.
19+
cvss_v2: 6.5
20+
patched_versions:
21+
- ">= 0.9.0"
22+
related:
23+
url:
24+
- https://nvd.nist.gov/vuln/detail/CVE-2010-5142
25+
- https://vuldb.com/?id.61514
26+
- http://tickets.opscode.com/browse/CHEF-1289
27+
- https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8
28+
- https://github.com/advisories/GHSA-f68m-q26r-64f6
29+
---

0 commit comments

Comments
 (0)