Medium
CVE-2025-6723
Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and expl…
Tag: Chef InSpec
All CVEs associated with "Chef InSpec". Page 1/1 • 2 CVEs.
About “Chef InSpec”
A curated feed of “Chef InSpec”-related CVEs appears below. We currently track 2 CVEs for this tag (all time). In the last 365 days, 1 were published. Average CVSS is 7.3 (all time; 5.8 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management.
In our taxonomy this topic maps to a LOW impact class. Config management tools have broad privileges. Patch servers and agents, use least privilege, sign artifacts, and audit playbooks and modules. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: chef-inspec
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | Premier Support | EOL | LTS |
|---|---|---|---|---|---|
| 7 | 7.1.7 | Unavailable | - | ||
| 6 | 6.8.24 | - | |||
| 5 | 5.24.7 | Expired | |||
| 4 | 4.56.58 | Expired | |||
| 3 | 3.9.3 | Expired | |||
| 2 | 2.3.28 | Expired | |||
| 1 | 1.51.31 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS · RSS (expired) · ICS
Subscribe CVEs: RSS for “Chef InSpec” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-01-30
2023-10-31
High
CVE-2023-42658
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.