Remote Code Execution Vulnerability in Chef Automate 4.10.29

Remote Code Execution Vulnerability in Chef Automate 4.10.29

CVE-2023-40050 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.

Learn more about our Api Penetration Testing.