CVE-2023-40050

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050	Vendor Advisory
https://docs.chef.io/automate/profiles/	Product
https://docs.chef.io/release_notes_automate/	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*

History

08 Nov 2023, 17:34

Type	Values Removed	Values Added
First Time		Chef Chef automate
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CPE		cpe:2.3:a:chef:automate::::::::
CWE		CWE-94
References	~~(MISC) https://docs.chef.io/automate/profiles/ -~~	(MISC) https://docs.chef.io/automate/profiles/ - Product
References	~~(MISC) https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050 -~~	(MISC) https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050 - Vendor Advisory
References	~~(MISC) https://docs.chef.io/release_notes_automate/ -~~	(MISC) https://docs.chef.io/release_notes_automate/ - Release Notes

31 Oct 2023, 15:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-31 15:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-40050

Mitre link : CVE-2023-40050

CVE.ORG link : CVE-2023-40050

JSON object : View

Products Affected

chef

automate

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2023-40050", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@progress.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2023-10-31T15:15:09.227", "references": [{"url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050", "tags": ["Vendor Advisory"], "source": "security@progress.com"}, {"url": "https://docs.chef.io/automate/profiles/", "tags": ["Product"], "source": "security@progress.com"}, {"url": "https://docs.chef.io/release_notes_automate/", "tags": ["Release Notes"], "source": "security@progress.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Secondary", "source": "security@progress.com", "description": [{"lang": "en", "value": "CWE-434"}, {"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Cargue el perfil a trav\u00e9s de API o interfaz de usuario en Chef Automate antes de la versi\u00f3n 4.10.29 incluida utilizando el comando de verificaci\u00f3n InSpec con un perfil creado con fines malintencionados que permite la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2023-11-08T17:34:25.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "906C8F59-E452-439A-873A-955FC0BCFF02", "versionEndIncluding": "4.10.29"}], "operator": "OR"}]}], "sourceIdentifier": "security@progress.com"}