CNNVD-202601-5003 Information
CNNVD ID
CNNVD-202601-5003
Related CVE
- CNNVD Published: 2026-01-30
Description (Chinese)
Chef InSpec是Chef公司的一种开源的自动化测试和合规性检查框架,旨在帮助开发人员和运维团队编写、运行和维护自动化的测试脚本,以验证应用程序和基础设施的合规性和安全性。 Chef InSpec 5.23及之前版本存在授权问题漏洞,该漏洞源于命名管道访问控制过于宽松,可能导致权限提升或操作中断。
Description (English)
Chef InSpec, an open-source automated testing and compliance inspection framework for Chef, aims to assist in the development, operation and maintenance of automated testing scripts by personnel and transport teams to validate the compliance and security of applications and infrastructure. Chef InSpec 5.23 and previous versions had a mandate gap, which stemmed from the looseness of the name conduit access controls, which could lead to power upgrades or disruptions.
Hazard Level
Medium
Vulnerability Type
授权问题
Affected Vendor
Chef
Published
2026-01-30
Last Modified
2026-02-24
References
https://docs.chef.io/inspec/ https://access.redhat.com/security/cve/cve-2025-6723
Share on: