ГлавнаяУязвимости → CVE-2025-8868
9.8критическая

CVE-2025-8868

Описание

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token.

Затрагиваемое ПО
Chef AutomateLinux Linux kernel
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://docs.chef.io/release_notes_automate/#4.13.295