Candidate: CVE-2010-5142
PublicDate: 2012-08-08 10:26:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5142
Description:
 chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0
 does not require administrative privileges for the create, destroy, and
 update methods, which allows remote authenticated users to manage user
 accounts via requests to the /users URI.
Ubuntu-Description:
Notes:
Bugs:
 http://tickets.opscode.com/browse/CHEF-1289
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_chef:
 upstream: https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8
upstream_chef: needs-triage
hardy_chef: DNE
lucid_chef: ignored (reached end-of-life)
natty_chef: ignored (reached end-of-life)
oneiric_chef: ignored (reached end-of-life)
precise_chef: DNE
quantal_chef: not-affected (code not present)
raring_chef: not-affected (code not present)
saucy_chef: not-affected (code not present)
devel_chef: not-affected (code not present)

Patches_chef-server-api:
upstream_chef-server-api: needs-triage
hardy_chef-server-api: DNE
lucid_chef-server-api: DNE
natty_chef-server-api: DNE
oneiric_chef-server-api: DNE
precise_chef-server-api: DNE
quantal_chef-server-api: not-affected (10.12.0-1)
raring_chef-server-api: not-affected (10.12.0-1)
saucy_chef-server-api: not-affected (10.12.0-1)
devel_chef-server-api: not-affected (10.12.0-1)