PT-2017-17557 · Chef · Chef Manage

Published

2017-03-17

Updated

2019-10-03

CVE-2017-7174

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Chef Manage versions 2.1.0 through 2.4.4

Description The user-account creation feature in Chef Manage allows remote attackers to execute arbitrary code. This issue is fixed in version 2.4.5.

Recommendations For versions 2.1.0 through 2.4.4, update to version 2.4.5 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-7174

Affected Products

Chef Manage

PT-2017-17557 · Chef · Chef Manage

CVE-2017-7174

Related Identifiers

Affected Products

References · 4