CVE-2010-5142
Severity Score
6.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.
chef-server-api/app/controllers/users.rb en la API en Chef anterior a v0.9.0 no requieren privilegios administrativos para crear, destruir, y métodos de actualización, que permite a usuarios remotos autenticados administrar cuentas de usuario a través de solicitudes a los usuarios URI.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-08-08 CVE Reserved
- 2012-08-08 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://tickets.opscode.com/browse/CHEF-1289 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8 | 2012-08-13 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opscode Search vendor "Opscode" | Chef Search vendor "Opscode" for product "Chef" | <= 0.8.10 Search vendor "Opscode" for product "Chef" and version " <= 0.8.10" | - |
Affected
| ||||||
| Opscode Search vendor "Opscode" | Chef Search vendor "Opscode" for product "Chef" | 0.7.2 Search vendor "Opscode" for product "Chef" and version "0.7.2" | - |
Affected
| ||||||
| Opscode Search vendor "Opscode" | Chef Search vendor "Opscode" for product "Chef" | 0.7.4 Search vendor "Opscode" for product "Chef" and version "0.7.4" | - |
Affected
| ||||||
| Opscode Search vendor "Opscode" | Chef Search vendor "Opscode" for product "Chef" | 0.7.6 Search vendor "Opscode" for product "Chef" and version "0.7.6" | - |
Affected
| ||||||
| Opscode Search vendor "Opscode" | Chef Search vendor "Opscode" for product "Chef" | 0.7.8 Search vendor "Opscode" for product "Chef" and version "0.7.8" | - |
Affected
| ||||||
| Opscode Search vendor "Opscode" | Chef Search vendor "Opscode" for product "Chef" | 0.7.10 Search vendor "Opscode" for product "Chef" and version "0.7.10" | - |
Affected
| ||||||
| Opscode Search vendor "Opscode" | Chef Search vendor "Opscode" for product "Chef" | 0.7.12 Search vendor "Opscode" for product "Chef" and version "0.7.12" | - |
Affected
| ||||||
| Opscode Search vendor "Opscode" | Chef Search vendor "Opscode" for product "Chef" | 0.7.14 Search vendor "Opscode" for product "Chef" and version "0.7.14" | - |
Affected
| ||||||
| Opscode Search vendor "Opscode" | Chef Search vendor "Opscode" for product "Chef" | 0.8.2 Search vendor "Opscode" for product "Chef" and version "0.8.2" | - |
Affected
| ||||||
| Opscode Search vendor "Opscode" | Chef Search vendor "Opscode" for product "Chef" | 0.8.4 Search vendor "Opscode" for product "Chef" and version "0.8.4" | - |
Affected
| ||||||
| Opscode Search vendor "Opscode" | Chef Search vendor "Opscode" for product "Chef" | 0.8.6 Search vendor "Opscode" for product "Chef" and version "0.8.6" | - |
Affected
| ||||||
| Opscode Search vendor "Opscode" | Chef Search vendor "Opscode" for product "Chef" | 0.8.8 Search vendor "Opscode" for product "Chef" and version "0.8.8" | - |
Affected
| ||||||