CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
progresschef_infra_server
12.0.0 ≤
𝑥
< 15.7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chef
oracular
dne
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
ignored
Common Weakness Enumeration
References
https://blog.mondoo.com/chef-infra-server-cve-2023-28864-impact-and-remediation
https://docs.chef.io/release_notes_server/
https://github.com/chef/chef-server/blob/8a2dc82148844767f7c7728633a03dcee812e56a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/oc_bifrost.rb#L42
https://blog.mondoo.com/chef-infra-server-cve-2023-28864-impact-and-remediation
https://docs.chef.io/release_notes_server/
https://github.com/chef/chef-server/blob/8a2dc82148844767f7c7728633a03dcee812e56a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/oc_bifrost.rb#L42