Primary

Context

Progress Chef Automate SQL Injection Vulnerability in Compliance Service Allowing Access to Restricted Functionality

Vulnerability

Patched

A vulnerability exists in Progress Chef Automate compliance service on Linux x86 platforms, in versions prior to 4.13.295. It allows authenticated attackers to access restricted functionality by exploiting improperly sanitized inputs in an SQL command, using a well-known token.

Impact

Exploitation of this vulnerability could lead to unauthorized access to restricted functionality within the Chef Automate compliance service.

Added: Sep 29, 2025, 12:19 PM

Updated: Sep 29, 2025, 8:09 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

4.8

remediation

7.7

relevance

0.6

threat

0.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

4.8

remediation

7.7

relevance

0.6

threat

0.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Progress Chef Automate SQL Injection Vulnerability in Compliance Service Allowing Access to Restricted Functionality

Vulnerability

Impact

Affected Products

Progress Chef Automate

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating