UBUNTU-CVE-2023-28864

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-28864

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-28864.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-28864

Upstream

CVE-2023-28864

Published

2023-07-17T20:15:00Z

Modified

2025-10-24T05:01:54Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

References

Affected packages

Ubuntu:14.04:LTS / chef

Package

Name: chef
Purl: pkg:deb/ubuntu/chef@11.8.2-2?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.12.0-3

11.*

11.8.2-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "11.8.2-2",
            "binary_name": "chef"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-28864.json"

Ubuntu:16.04:LTS / chef

Package

Name: chef
Purl: pkg:deb/ubuntu/chef@12.3.0-3ubuntu1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.3.0-2ubuntu1

12.3.0-3ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "12.3.0-3ubuntu1",
            "binary_name": "chef"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-28864.json"

Ubuntu:18.04:LTS / chef

Package

Name: chef
Purl: pkg:deb/ubuntu/chef@12.14.60-3ubuntu1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.14.60-3

12.14.60-3ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "12.14.60-3ubuntu1",
            "binary_name": "chef"
        },
        {
            "binary_version": "12.14.60-3ubuntu1",
            "binary_name": "ruby-chef-config"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-28864.json"

Ubuntu:20.04:LTS / chef

Package

Name: chef
Purl: pkg:deb/ubuntu/chef@15.8.25.3.gcf41df6a2-6?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

13.*

13.8.7-4

15.*

15.8.25.3.gcf41df6a2-6

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "15.8.25.3.gcf41df6a2-6",
            "binary_name": "chef"
        },
        {
            "binary_version": "15.8.25.3.gcf41df6a2-6",
            "binary_name": "chef-bin"
        },
        {
            "binary_version": "15.8.25.3.gcf41df6a2-6",
            "binary_name": "ruby-chef-config"
        },
        {
            "binary_version": "15.8.25.3.gcf41df6a2-6",
            "binary_name": "ruby-chef-utils"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-28864.json"