Unrated severityNVD Advisory· Published Oct 31, 2023· Updated Sep 6, 2024
Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application
CVE-2023-40050
Description
Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=4.10.29
- Progress Software Corporation/Chef Automatev5Range: 4.0.0
Patches
Vulnerability mechanics
References
3- community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050mitrevendor-advisory
- docs.chef.io/automate/profiles/mitrerelease-notes
- docs.chef.io/release_notes_automate/mitrerelease-notes
News mentions
0No linked articles in our index yet.