CVE-2023-42658 HIGH

CVE-2023-42658: InSpec Archive Command Vulnerable to Maliciously Crafted Profile

Vendor Progress Software Corporation
Product Chef InSpec
Weakness CWE-94 · Code injection
Published October 31, 2023
Last update September 6, 2024

CVSS base score

8.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.

Key dates

02Disclosure timeline

October 31, 2023 CVE published
September 6, 2024 Record updated