CNNVD-202509-4404 Information
Sep 29, 2025
cve
CNNVD ID
CNNVD-202509-4404
Related CVE
- CNNVD Published: 2025-09-29
Description (Chinese)
Chef Software Chef Automate是Chef Software公司的一种自动化平台,用于自动化和管理基础设施、应用程序和合规性,以帮助组织实现持续交付、自动化操作和安全合规性。 Chef Automate 4.13.295之前版本存在信息泄露漏洞,该漏洞源于合规服务中SQL命令输入中和不当,可能导致未经授权访问受限功能。
Description (English)
Chef Software Chef Automate is an automated platform for Chef Software to automate and manage infrastructure, applications and compliance to help organizations achieve continuous delivery, automation and security compliance. Chef Automate 4.13.295 had a leaking loophole, which stemmed from inappropriate input of SQL orders in the compliance service and could lead to unauthorized access to restricted functions.
Hazard Level
Low
Vulnerability Type
信息泄露
Published
2025-09-29
Last Modified
2026-02-24
References
https://docs.chef.io/release_notes_automate/#4.13.295
Patch
https://docs.chef.io/release_notes_automate/#4.13.295
Share on: