CVE-2023-42658

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Oct 31, 2023
Updated: Nov 8, 2023
CWE ID 94
CWE ID 917

Summary

CVE-2023-42658 is a vulnerability affecting the Archive command in Chef InSpec versions prior to 4.56.58 and 5.22.29. Maliciously crafted profiles can exploit this issue to execute local commands, posing a significant security risk. This vulnerability may allow unauthorized users to gain administrative access and compromise the system. System administrators are strongly encouraged to update Chef InSpec to a patched version as soon as possible to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share