CVE-2023-42658 - Vulnerability Details - OpenCVE

Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00147.

Key SSVC decision points have not yet been added.

Vendors	Products
Chef	Inspec

Configuration 1 [-]

OR	cpe:2.3:a:chef:inspec::::::::
	cpe:2.3:a:chef:inspec::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-47091	Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.

Fixes

Solution

Solution (optional): Customers should adopt the latest releases of InSpec on the 4, 5, and 6 supported versions available from the community and customer downloads portals.

Workaround

Workaround (optional): Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.

References

Link	Providers
https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Inspec-CVE-2023-42658
https://docs.chef.io/inspec/cli/
https://docs.chef.io/release_notes_inspec/

History

No history.

MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published: 2023-10-31T14:08:03.537Z

Updated: 2024-09-06T16:00:52.926Z

Reserved: 2023-09-12T13:30:29.571Z

Link: CVE-2023-42658

Vulnrichment

Updated: 2024-08-02T19:23:40.222Z

NVD

Status : Modified

Published: 2023-10-31T15:15:09.393

Modified: 2024-11-21T08:22:54.187

Link: CVE-2023-42658

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42658", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2023-09-12T13:30:29.571Z", "datePublished": "2023-10-31T14:08:03.537Z", "dateUpdated": "2024-09-06T16:00:52.926Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://community.chef.io/downloads/tools/inspec?os=windows", "defaultStatus": "affected", "modules": ["InSpec Archive", "InSpec Check", "InSpec Export"], "packageName": "InSpec", "platforms": ["Windows", "Linux", "MacOS"], "product": "Chef InSpec", "repo": "https://github.com/inspec/inspec", "vendor": "Progress Software Corporation", "versions": [{"lessThan": "4.56.58 ", "status": "affected", "version": "4.0.0", "versionType": "semver"}, {"lessThan": "5.22.29", "status": "affected", "version": "5.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "HackerOne - tas50"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nArchive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile."}], "value": "\nArchive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile."}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-917", "description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2023-10-31T15:14:29.727Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.chef.io/release_notes_inspec/"}, {"tags": ["release-notes"], "url": "https://docs.chef.io/inspec/cli/"}, {"tags": ["vendor-advisory"], "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Inspec-CVE-2023-42658"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<strong>Solution (optional): </strong>Customers should adopt the latest releases of InSpec on the 4, 5, and 6 supported versions available from the community and customer downloads portals.\n\n<br>"}], "value": "\nSolution (optional): Customers should adopt the latest releases of InSpec on the 4, 5, and 6 supported versions available from the community and customer downloads portals.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "InSpec Archive Command Vulnerable to Maliciously Crafted Profile", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<strong>Workaround (optional): </strong>Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n<br>"}], "value": "\nWorkaround (optional): Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:23:40.222Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://docs.chef.io/release_notes_inspec/"}, {"tags": ["release-notes", "x_transferred"], "url": "https://docs.chef.io/inspec/cli/"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Inspec-CVE-2023-42658"}]}, {"affected": [{"vendor": "chef", "product": "inspec", "cpes": ["cpe:2.3:a:chef:inspec:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.0", "status": "affected", "lessThan": "4.56.58", "versionType": "custom"}, {"version": "5.0", "status": "affected", "lessThan": "5.22.29", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "4.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T15:43:59.488901Z", "id": "CVE-2023-42658", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T16:00:52.926Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://docs.chef.io/release_notes_inspec/", "tags": ["release-notes", "x_transferred"]}, {"url": "https://docs.chef.io/inspec/cli/", "tags": ["release-notes", "x_transferred"]}, {"url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Inspec-CVE-2023-42658", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:23:40.222Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-42658", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-06T15:43:59.488901Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:chef:inspec:*:*:*:*:*:*:*:*"], "vendor": "chef", "product": "inspec", "versions": [{"status": "affected", "version": "4.0", "lessThan": "4.56.58", "versionType": "custom"}, {"status": "affected", "version": "5.0", "lessThan": "5.22.29", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "4.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T16:00:44.882Z"}}], "cna": {"title": "InSpec Archive Command Vulnerable to Maliciously Crafted Profile", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "HackerOne - tas50"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/inspec/inspec", "vendor": "Progress Software Corporation", "modules": ["InSpec Archive", "InSpec Check", "InSpec Export"], "product": "Chef InSpec", "versions": [{"status": "affected", "version": "4.0.0", "lessThan": "4.56.58 ", "versionType": "semver"}, {"status": "affected", "version": "5.0.0", "lessThan": "5.22.29", "versionType": "semver"}], "platforms": ["Windows", "Linux", "MacOS"], "packageName": "InSpec", "collectionURL": "https://community.chef.io/downloads/tools/inspec?os=windows", "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "\nSolution (optional): Customers should adopt the latest releases of InSpec on the 4, 5, and 6 supported versions available from the community and customer downloads portals.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<strong>Solution (optional): </strong>Customers should adopt the latest releases of InSpec on the 4, 5, and 6 supported versions available from the community and customer downloads portals.\n\n<br>", "base64": false}]}], "references": [{"url": "https://docs.chef.io/release_notes_inspec/", "tags": ["release-notes"]}, {"url": "https://docs.chef.io/inspec/cli/", "tags": ["release-notes"]}, {"url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Inspec-CVE-2023-42658", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "\nWorkaround (optional): Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<strong>Workaround (optional): </strong>Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nArchive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.", "supportingMedia": [{"type": "text/html", "value": "\n\nArchive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-917", "description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2023-10-31T15:14:29.727Z"}}}, "cveMetadata": {"cveId": "CVE-2023-42658", "state": "PUBLISHED", "dateUpdated": "2024-09-06T16:00:52.926Z", "dateReserved": "2023-09-12T13:30:29.571Z", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "datePublished": "2023-10-31T14:08:03.537Z", "assignerShortName": "ProgressSoftware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chef:inspec:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8BBB3EE-3009-4381-B417-702742CA2A14", "versionEndExcluding": "4.56.58", "vulnerable": true}, {"criteria": "cpe:2.3:a:chef:inspec:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1C87BF9-A413-4F80-8F0D-58778D58740C", "versionEndExcluding": "5.22.29", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nArchive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile."}, {"lang": "es", "value": "El comando de archivo en Chef InSpec anteriores a 4.56.58 y 5.22.29 permite la ejecuci\u00f3n de comandos locales a trav\u00e9s de un perfil creado con fines malintencionados."}], "id": "CVE-2023-42658", "lastModified": "2024-11-21T08:22:54.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "security@progress.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-31T15:15:09.393", "references": [{"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Inspec-CVE-2023-42658"}, {"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://docs.chef.io/inspec/cli/"}, {"source": "security@progress.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.chef.io/release_notes_inspec/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Inspec-CVE-2023-42658"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.chef.io/inspec/cli/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.chef.io/release_notes_inspec/"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-917"}], "source": "security@progress.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}