MidnightBSD

Advisories for chef_manage_project

CVE-2017-7174 HIGH

The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
chef_manage_project chef_manage 2.3.0
chef_manage_project chef_manage 2.4.2
chef_manage_project chef_manage 2.1.0
chef_manage_project chef_manage 2.2.0
chef_manage_project chef_manage 2.1.2
chef_manage_project chef_manage 2.4.1
chef_manage_project chef_manage 2.2.1
chef_manage_project chef_manage 2.4.0
chef_manage_project chef_manage 2.4.3
chef_manage_project chef_manage 2.1.1
chef_manage_project chef_manage 2.4.4