{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40050", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2023-08-08T19:44:41.112Z", "datePublished": "2023-10-31T14:07:59.881Z", "dateUpdated": "2024-09-06T15:41:14.418Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.chef.io/downloads", "defaultStatus": "affected", "modules": ["Automate Upload Profile"], "packageName": "Automate", "platforms": ["Linux"], "product": "Chef Automate", "repo": "https://github.com/chef/automate", "vendor": "Progress Software Corporation", "versions": [{"lessThanOrEqual": "4.10.29", "status": "affected", "version": "4.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "HackerOne - tas50"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. </p>\n\n\n\n\n\n\n\n\n\n"}], "value": "Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2023-10-31T14:07:59.881Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.chef.io/release_notes_automate/"}, {"tags": ["release-notes"], "url": "https://docs.chef.io/automate/profiles/"}, {"tags": ["vendor-advisory"], "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<strong>Solution (optional): </strong>Customers should adopt the latest releases of Automate available from the customer downloads portal.\n\n<br>"}], "value": "\nSolution (optional): Customers should adopt the latest releases of Automate available from the customer downloads portal.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<strong>Workaround (optional): </strong>Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n<br>"}], "value": "\nWorkaround (optional): Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:54.691Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://docs.chef.io/release_notes_automate/"}, {"tags": ["release-notes", "x_transferred"], "url": "https://docs.chef.io/automate/profiles/"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050"}]}, {"affected": [{"vendor": "chef", "product": "automate", "cpes": ["cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.10.29", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T15:36:39.457247Z", "id": "CVE-2023-40050", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T15:41:14.418Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://docs.chef.io/release_notes_automate/", "tags": ["release-notes", "x_transferred"]}, {"url": "https://docs.chef.io/automate/profiles/", "tags": ["release-notes", "x_transferred"]}, {"url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:54.691Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40050", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-06T15:36:39.457247Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*"], "vendor": "chef", "product": "automate", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.10.29"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T15:41:10.773Z"}}], "cna": {"title": "Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "HackerOne - tas50"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/chef/automate", "vendor": "Progress Software Corporation", "modules": ["Automate Upload Profile"], "product": "Chef Automate", "versions": [{"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.10.29"}], "platforms": ["Linux"], "packageName": "Automate", "collectionURL": "https://www.chef.io/downloads", "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "\nSolution (optional): Customers should adopt the latest releases of Automate available from the customer downloads portal.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<strong>Solution (optional): </strong>Customers should adopt the latest releases of Automate available from the customer downloads portal.\n\n<br>", "base64": false}]}], "references": [{"url": "https://docs.chef.io/release_notes_automate/", "tags": ["release-notes"]}, {"url": "https://docs.chef.io/automate/profiles/", "tags": ["release-notes"]}, {"url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "\nWorkaround (optional): Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<strong>Workaround (optional): </strong>Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. </p>\n\n\n\n\n\n\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2023-10-31T14:07:59.881Z"}}}, "cveMetadata": {"cveId": "CVE-2023-40050", "state": "PUBLISHED", "dateUpdated": "2024-09-06T15:41:14.418Z", "dateReserved": "2023-08-08T19:44:41.112Z", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "datePublished": "2023-10-31T14:07:59.881Z", "assignerShortName": "ProgressSoftware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*", "matchCriteriaId": "906C8F59-E452-439A-873A-955FC0BCFF02", "versionEndIncluding": "4.10.29", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Cargue el perfil a trav\u00e9s de API o interfaz de usuario en Chef Automate antes de la versi\u00f3n 4.10.29 incluida utilizando el comando de verificaci\u00f3n InSpec con un perfil creado con fines malintencionados que permite la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2023-40050", "lastModified": "2024-11-21T08:18:36.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security@progress.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-31T15:15:09.227", "references": [{"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050"}, {"source": "security@progress.com", "tags": ["Product"], "url": "https://docs.chef.io/automate/profiles/"}, {"source": "security@progress.com", "tags": ["Release Notes"], "url": "https://docs.chef.io/release_notes_automate/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://docs.chef.io/automate/profiles/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://docs.chef.io/release_notes_automate/"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-434"}], "source": "security@progress.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}