GHSA SYNC: 1 brand new advisory

jasnow · postmodern · commit 0387f6f7972d · 2024-02-09T10:39:09.000-08:00
diff --git a/gems/chef/CVE-2010-5142.yml b/gems/chef/CVE-2010-5142.yml
@@ -0,0 +1,22 @@
+---
+gem: chef
+cve: 2010-5142
+ghsa: f68m-q26r-64f6
+url: https://github.com/advisories/GHSA-f68m-q26r-64f6
+title: Chef Improper Access Control Vulnerability
+date: 2012-08-08
+description: |
+  `chef-server-api/app/controllers/users.rb` in the API in Chef before
+  0.9.0 does not require administrative privileges for the create,
+  destroy, and update methods, which allows remote authenticated
+  users to manage user accounts via requests to the /users URI.
+cvss_v2: 6.5
+patched_versions:
+  - ">= 0.9.0"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-5142
+    - https://vuldb.com/?id.61514
+    - http://tickets.opscode.com/browse/CHEF-1289
+    - https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8
+    - https://github.com/advisories/GHSA-f68m-q26r-64f6
