VYPR
Unrated severityNVD Advisory· Published Oct 31, 2023· Updated Sep 6, 2024

Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application

CVE-2023-40050

Description

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.