Chef Software

2 exploits Active since Aug 2019

CVE-2020-11651 NOMISEC CRITICAL SCANNER

SaltStack Salt <2019.2.4,3000.2 - RCE

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

6 stars

CVSS 9.8

View Code

CVE-2019-15224 NOMISEC CRITICAL SCANNER

Rest-client < 1.6.13 - Code Injection

The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.

1 stars

CVSS 9.8

View Code