Automate

automate

Vendor: Chef • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-8868 1Chef 1Automate Oct 16, 2025 Sep 29, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized...Show more In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token.Show less
CVE-2025-6724 1Chef 1Automate Oct 16, 2025 Sep 29, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs...Show more In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command.Show less
CVE-2023-40050 1Chef 1Automate Jun 17, 2026 Oct 31, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.