CVE-2011-5097 - CERT CVE
ID CVE-2011-5097
Sažetak chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command.
Reference
CVSS
Base: 5.5
Impact: 4.9
Exploitability:8.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
NONE PARTIAL PARTIAL
CVSS vektor AV:N/AC:L/Au:S/C:N/I:P/A:P
Zadnje važnije ažuriranje 13-08-2012 - 04:00
Objavljeno 08-08-2012 - 10:26