CVE-2023-40050 Information

Description

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.

Reference

https://docs.chef.io/automate/profiles/ https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050 https://docs.chef.io/release_notes_automate/