CVE-2015-8559

The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
References
Link Resource
https://github.com/chef/chef/issues/3871 Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/12/14/14 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:chef:chef:*:*:*:*:*:*:*:*

History

28 Jun 2021, 12:15

Type Values Removed Values Added
Summary The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages. The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.

Information

Published : 2017-09-21 14:29

Updated : 2021-06-28 12:15


NVD link : CVE-2015-8559

Mitre link : CVE-2015-8559


JSON object : View

Products Affected

chef

  • chef
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor