Candidate: CVE-2011-5097
PublicDate: 2012-08-08 10:26:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5097
Description:
 chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before
 0.9.18, and 0.10.x before 0.10.2, does not require administrative
 privileges for the update and destroy methods, which allows remote
 authenticated users to (1) upload cookbooks via a knife cookbook upload
 command or (2) delete cookbooks via a knife cookbook delete command.
Ubuntu-Description:
Notes:
Bugs:
 http://tickets.opscode.com/browse/CHEF-2436
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_chef:
 upstream: https://github.com/opscode/chef/commit/a4ea6edab2fecb922f999cffb0daa04eeeec7a26
upstream_chef: needs-triage
hardy_chef: DNE
lucid_chef: ignored (reached end-of-life)
natty_chef: ignored (reached end-of-life)
oneiric_chef: ignored (reached end-of-life)
precise_chef: DNE
quantal_chef: not-affected (code not present)
raring_chef: not-affected (code not present)
saucy_chef: not-affected (code not present)
devel_chef: not-affected (code not present)

Patches_chef-server-api:
upstream_chef-server-api: needs-triage
hardy_chef-server-api: DNE
lucid_chef-server-api: DNE
natty_chef-server-api: DNE
oneiric_chef-server-api: DNE
precise_chef-server-api: DNE
quantal_chef-server-api: not-affected (10.12.0-1)
raring_chef-server-api: not-affected (10.12.0-1)
saucy_chef-server-api: not-affected (10.12.0-1)
devel_chef-server-api: not-affected (10.12.0-1)