CVE-2023-40050
9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Progress Software Corporation | Chef Automate | 4.0.0 <= 4.10.29 | affected |
Weaknesses
- CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')
- CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
Workarounds
Workaround (optional): Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.
ADP Enrichment
CVE Program Container
Additional References
- https://docs.chef.io/release_notes_automate/
- https://docs.chef.io/automate/profiles/
- https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://docs.chef.io/release_notes_automate/
- https://docs.chef.io/automate/profiles/
- https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.