CVE-2010-5142

Name of the Vulnerable Software and Affected Versions Chef versions prior to 0.9.0

Description The issue allows remote authenticated users to manage user accounts without requiring administrative privileges. This is due to the lack of proper access control in the create, destroy, and update methods. The affected API endpoint is "/users URI".

Recommendations For versions prior to 0.9.0, update to version 0.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/users URI" API endpoint to minimize the risk of exploitation.