Chef Automate
Approved changes feed: RSS · Atom
cpe:2.3:a:progress_software:chef_automate:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Progress Software (96c4320b-2c72-5331-bd5a-d39d72393793) |
|---|---|
| Product | Chef Automate (20730d6e-630a-5a88-adb9-94795c3b933d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-8868 |
vulnerable | 2026-06-03 15:13:44.931322 |
Chef Automate compliance service SQL Injection Vulnerability
CRITICAL (9.8)
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via
improperly neutralized inputs used in an SQL command using a well-known token.
Published: 2025-09-29T11:29:50.463Z
Updated: 2025-09-29T12:55:02.884Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-6724 |
vulnerable | 2026-06-03 15:12:28.749000 |
Chef Automate SQL Injection Vulnerability
HIGH (8.8)
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command.
Published: 2025-09-29T11:29:42.695Z
Updated: 2025-09-29T13:02:01.775Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.