nvd-json-data-feeds/CVE-2010/CVE-2010-51xx/CVE-2010-5142.json

{
  "id": "CVE-2010-5142",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2012-08-08T10:26:17.503",
  "lastModified": "2024-11-21T01:22:33.533",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI."
    },
    {
      "lang": "es",
      "value": "chef-server-api/app/controllers/users.rb en la API en Chef anterior a v0.9.0 no requieren privilegios administrativos para crear, destruir, y m\u00e9todos de actualizaci\u00f3n, que permite a usuarios remotos autenticados administrar cuentas de usuario a trav\u00e9s de solicitudes a los usuarios URI."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "baseScore": 6.5,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opscode:chef:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "0.8.10",
              "matchCriteriaId": "56BED2E7-173C-4990-AD1E-061B006C0083"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opscode:chef:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4303E45B-3CC7-4F86-9AA3-9DE9E340DDB7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opscode:chef:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE318AD-5737-453F-90B9-449A3593887E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opscode:chef:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0FB009E-708B-41BE-98E3-0548204A594A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opscode:chef:0.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C369798E-2499-4DD5-8C13-F7A3D0BCAED9"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opscode:chef:0.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E247C8C9-7404-4920-9CA8-91316483CF01"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opscode:chef:0.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0189B6A3-9D58-40D7-BB42-101A600B5014"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opscode:chef:0.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "97B55226-BC34-4060-A37D-8317B8BFB43B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opscode:chef:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E624C53F-1755-4E88-B575-1AB92781A06C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opscode:chef:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA73864-4852-47D9-9EB9-A2AD654D0BAC"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opscode:chef:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "112F8AEB-9DD0-4A68-B69C-B677BE373DAE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opscode:chef:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C6B61EE-2F0D-49DC-ADFD-D0A25A21B8B6"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://tickets.opscode.com/browse/CHEF-1289",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8",
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "http://tickets.opscode.com/browse/CHEF-1289",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ]
    }
  ]
}