Security Advisory

CVE-2011-5097

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-08-08 10:00:00

Last updated 2024-09-16 23:36:44

Assigner mitre

State PUBLISHED

Description

chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command.

← Browse all CVEs View on cve.org ↗