CVE-2023-42658
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Oct 31, 2023
Updated: Nov 8, 2023
CWE ID 94
CWE ID 917
Summary
CVE-2023-42658 is a vulnerability affecting the Archive command in Chef InSpec versions prior to 4.56.58 and 5.22.29. Maliciously crafted profiles can exploit this issue to execute local commands, posing a significant security risk. This vulnerability may allow unauthorized users to gain administrative access and compromise the system. System administrators are strongly encouraged to update Chef InSpec to a patched version as soon as possible to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Chef Software, Inc.