{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T21:50:50.901","vulnerabilities":[{"cve":{"id":"CVE-2023-40050","sourceIdentifier":"security@progress.com","published":"2023-10-31T15:15:09.227","lastModified":"2024-11-21T08:18:36.260","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n"},{"lang":"es","value":"Cargue el perfil a través de API o interfaz de usuario en Chef Automate antes de la versión 4.10.29 incluida utilizando el comando de verificación InSpec con un perfil creado con fines malintencionados que permite la ejecución remota de código."}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-434"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*","versionEndIncluding":"4.10.29","matchCriteriaId":"906C8F59-E452-439A-873A-955FC0BCFF02"}]}]}],"references":[{"url":"https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050","source":"security@progress.com","tags":["Vendor Advisory"]},{"url":"https://docs.chef.io/automate/profiles/","source":"security@progress.com","tags":["Product"]},{"url":"https://docs.chef.io/release_notes_automate/","source":"security@progress.com","tags":["Release Notes"]},{"url":"https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://docs.chef.io/automate/profiles/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://docs.chef.io/release_notes_automate/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}}]}