Chef Infra Client - 1 CVEs (Page 1/1)

About “Chef Infra Client”

A curated feed of “Chef Infra Client”-related CVEs appears below. We currently track 1 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 7.5 (all time), and 100% are rated High/Critical (all time). Top CWEs (all time): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a LOW impact class. Config management tools have broad privileges. Patch servers and agents, use least privilege, sign artifacts, and audit playbooks and modules. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: chef-infra-client

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	Premier Support	EOL
19	2026-02-05	19.3.15	Unavailable	-
18	2022-09-28	18.10.17	2026-02-05	-
17	2021-04-27	17.10.163	2022-01-10	2026-02-05 Expired
16	2020-04-27	16.18.30	2020-12-19	2022-11-30 Expired
15	2018-10-26	15.17.4	2020-01-21	2020-12-19 Expired
14	2018-01-22	14.15.6	2018-10-26	2020-01-21 Expired
13	2017-03-01	13.12.14	2018-01-22	2018-10-26 Expired
12	2014-11-25	12.22.5	2017-03-01	2018-01-22 Expired
11	2013-02-01	11.18.12	2014-12-03	2017-03-01 Expired
10	2012-06-18	10.34.6	2013-02-01	2014-12-03 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “Chef Infra Client” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2017-09-21

High

CVE-2015-8559

The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD