{"id":"CVE-2023-28864","details":"Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the \"chef-server-ctl reconfigure\" command.","modified":"2025-11-20T12:17:32.080383Z","published":"2023-07-17T20:15:13.343Z","references":[{"type":"WEB","url":"https://github.com/chef/chef-server/blob/8a2dc82148844767f7c7728633a03dcee812e56a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/oc_bifrost.rb#L42"},{"type":"ARTICLE","url":"https://blog.mondoo.com/chef-infra-server-cve-2023-28864-impact-and-remediation"},{"type":"ADVISORY","url":"https://docs.chef.io/release_notes_server/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/chef/chef-server","events":[{"introduced":"cd9bb59e4d0e54be910660de513493650c536b0c"},{"fixed":"af0b0acd5c10b53c57678a549c892d8212edcb3f"}]}],"versions":["0.1.1","0.1.2","0.18.1","0.18.2","0.19.0","0.19.1","0.19.10","0.19.11","0.19.12","0.19.2","0.19.3","0.19.4","0.19.5","0.19.6","0.19.7","0.19.8","0.19.9","0.2.0","0.2.1","0.2.2","0.2.5","0.2.6","0.2.7","0.2.8","0.20.0","0.20.1","0.20.2","0.20.3","0.20.4","0.20.5","0.20.6","0.21.0","0.21.1","0.21.10","0.21.11","0.21.12","0.21.13","0.21.14","0.21.15","0.21.16","0.21.17","0.21.18","0.21.19","0.21.2","0.21.20","0.21.21","0.21.22","0.21.23","0.21.24","0.21.25","0.21.26","0.21.27","0.21.28","0.21.29","0.21.3","0.21.30","0.21.31","0.21.32","0.21.33","0.21.34","0.21.35","0.21.36","0.21.37","0.21.4","0.21.5","0.21.6","0.21.7","0.21.8","0.21.9","0.22.1","0.22.2","0.23.0","0.23.1","0.23.2","0.23.3","0.24.0","0.24.1","0.24.2","0.24.3","0.24.4","0.24.5","0.24.6","0.25.0","0.25.1","0.25.10","0.25.11","0.25.12","0.25.13","0.25.14","0.25.15","0.25.16","0.25.17","0.25.18","0.25.19","0.25.2","0.25.20","0.25.21","0.25.22","0.25.23","0.25.3","0.25.4","0.25.5","0.25.6","0.25.7","0.25.8","0.25.9","0.26.0","0.26.1","0.26.2","0.26.3","0.26.4","0.26.5","0.26.6","0.26.7","0.26.8","0.27.1","0.27.2","0.27.3","0.27.4","0.27.5","0.27.6","0.27.7","0.28.0","0.28.1","0.28.2","0.28.3","0.28.4","0.28.5","0.29.0","0.29.1","0.29.2","0.29.3","0.29.4","0.3.0","0.3.1","0.3.2","0.3.3","0.30.0","0.4.0","0.4.2","0.4.3","0.4.4","0.5.0","1.0.0","1.0.1","1.0.10","1.0.11","1.0.12","1.0.13","1.0.14","1.0.15","1.0.16","1.0.17","1.0.18","1.0.19","1.0.2","1.0.20","1.0.21","1.0.22","1.0.23","1.0.24","1.0.25","1.0.26","1.0.27","1.0.28","1.0.29","1.0.3","1.0.30","1.0.33","1.0.34","1.0.35","1.0.36","1.0.37","1.0.38","1.0.39","1.0.4","1.0.40","1.0.41","1.0.42","1.0.43","1.0.44","1.0.45","1.0.46","1.0.47","1.0.47.1","1.0.48","1.0.49","1.0.5","1.0.50","1.0.51","1.0.52","1.0.53","1.0.54","1.0.55","1.0.56","1.0.57","1.0.58","1.0.59","1.0.6","1.0.60","1.0.61","1.0.62","1.0.64","1.0.65","1.0.66","1.0.67","1.0.68","1.0.69","1.0.7","1.0.70","1.0.71","1.0.72","1.0.73","1.0.74","1.0.75","1.0.76","1.0.77","1.0.78","1.0.79","1.0.8","1.0.9","1.3.0","1.3.1","1.4.1","1.4.5","1.5.0","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.7.0","1.8.0","1.8.1","1.8.2","1.8.3","12.0.0","12.0.1","12.0.3","12.0.4","12.0.5","12.0.6","12.0.7","12.0.8","12.1.0","12.1.0-alpha.1","12.1.0-rc.1","12.1.0-rc.2","12.1.0-rc.3","12.1.1","12.1.2","12.10.0","12.11.0","12.11.1","12.12.0","12.13.0","12.14.0","12.15.0","12.15.1","12.15.10","12.15.11","12.15.12","12.15.13","12.15.14","12.15.15","12.15.16","12.15.17","12.15.18","12.15.19","12.15.2","12.15.20","12.15.21","12.15.22","12.15.23","12.15.24","12.15.25","12.15.26","12.15.3","12.15.4","12.15.5","12.15.6","12.15.7","12.15.8","12.15.9","12.16.1","12.16.10","12.16.11","12.16.12","12.16.13","12.16.14","12.16.15","12.16.16","12.16.17","12.16.2","12.16.3","12.16.4","12.16.5","12.16.6","12.16.7","12.16.8","12.16.9","12.17.1","12.17.10","12.17.11","12.17.12","12.17.13","12.17.14","12.17.15","12.17.16","12.17.17","12.17.18","12.17.19","12.17.2","12.17.20","12.17.21","12.17.22","12.17.23","12.17.24","12.17.25","12.17.26","12.17.27","12.17.28","12.17.29","12.17.3","12.17.30","12.17.31","12.17.32","12.17.33","12.17.34","12.17.35","12.17.36","12.17.37","12.17.38","12.17.39","12.17.4","12.17.40","12.17.41","12.17.42","12.17.43","12.17.44","12.17.45","12.17.46","12.17.47","12.17.48","12.17.49","12.17.5","12.17.50","12.17.51","12.17.52","12.17.53","12.17.54","12.17.55","12.17.56","12.17.57","12.17.58","12.17.59","12.17.6","12.17.60","12.17.61","12.17.62","12.17.63","12.17.64","12.17.65","12.17.66","12.17.67","12.17.68","12.17.69","12.17.7","12.17.70","12.17.71","12.17.72","12.17.73","12.17.74","12.17.8","12.17.9","12.18.0","12.18.1","12.18.10","12.18.2","12.18.3","12.18.4","12.18.5","12.18.6","12.18.7","12.18.8","12.18.9","12.19.0","12.19.1","12.19.10","12.19.11","12.19.12","12.19.13","12.19.14","12.19.15","12.19.16","12.19.17","12.19.18","12.19.19","12.19.2","12.19.20","12.19.21","12.19.22","12.19.23","12.19.24","12.19.25","12.19.26","12.19.27","12.19.28","12.19.29","12.19.3","12.19.30","12.19.31","12.19.32","12.19.33","12.19.34","12.19.35","12.19.36","12.19.37","12.19.38","12.19.39","12.19.4","12.19.40","12.19.41","12.19.42","12.19.43","12.19.44","12.19.45","12.19.46","12.19.5","12.19.6","12.19.7","12.19.8","12.19.9","12.2.0","12.3.0","12.3.1","12.4.0","12.4.1","12.5.0","12.6.0","12.7.0","12.8.0","12.9.0","12.9.1","13.0.0","13.0.1","13.0.10","13.0.11","13.0.12","13.0.13","13.0.14","13.0.15","13.0.16","13.0.17","13.0.18","13.0.19","13.0.2","13.0.20","13.0.21","13.0.22","13.0.23","13.0.24","13.0.25","13.0.26","13.0.27","13.0.28","13.0.29","13.0.3","13.0.30","13.0.31","13.0.32","13.0.33","13.0.34","13.0.35","13.0.36","13.0.37","13.0.38","13.0.39","13.0.4","13.0.40","13.0.41","13.0.42","13.0.43","13.0.44","13.0.45","13.0.46","13.0.47","13.0.48","13.0.49","13.0.5","13.0.50","13.0.51","13.0.52","13.0.53","13.0.54","13.0.55","13.0.56","13.0.57","13.0.58","13.0.59","13.0.6","13.0.60","13.0.61","13.0.62","13.0.63","13.0.64","13.0.65","13.0.66","13.0.67","13.0.68","13.0.69","13.0.7","13.0.70","13.0.71","13.0.72","13.0.73","13.0.74","13.0.75","13.0.8","13.0.9","13.1.0","13.1.1","13.1.10","13.1.11","13.1.12","13.1.13","13.1.14","13.1.15","13.1.16","13.1.17","13.1.18","13.1.19","13.1.2","13.1.20","13.1.21","13.1.22","13.1.23","13.1.24","13.1.25","13.1.26","13.1.27","13.1.28","13.1.29","13.1.3","13.1.30","13.1.31","13.1.32","13.1.33","13.1.34","13.1.35","13.1.36","13.1.37","13.1.38","13.1.39","13.1.4","13.1.40","13.1.41","13.1.42","13.1.43","13.1.44","13.1.45","13.1.46","13.1.47","13.1.48","13.1.49","13.1.5","13.1.50","13.1.51","13.1.52","13.1.53","13.1.54","13.1.55","13.1.56","13.1.57","13.1.58","13.1.59","13.1.6","13.1.60","13.1.61","13.1.62","13.1.63","13.1.64","13.1.65","13.1.66","13.1.67","13.1.68","13.1.69","13.1.7","13.1.70","13.1.71","13.1.8","13.1.9","13.2.0","13.2.1","13.2.10","13.2.11","13.2.12","13.2.13","13.2.14","13.2.15","13.2.16","13.2.17","13.2.18","13.2.19","13.2.2","13.2.20","13.2.21","13.2.22","13.2.23","13.2.24","13.2.25","13.2.26","13.2.27","13.2.28","13.2.29","13.2.3","13.2.30","13.2.31","13.2.32","13.2.33","13.2.34","13.2.35","13.2.36","13.2.37","13.2.38","13.2.39","13.2.4","13.2.40","13.2.41","13.2.42","13.2.43","13.2.44","13.2.45","13.2.46","13.2.47","13.2.48","13.2.49","13.2.5","13.2.6","13.2.7","13.2.8","13.2.9","14.0.0","14.0.1","14.0.10","14.0.11","14.0.12","14.0.13","14.0.14","14.0.15","14.0.16","14.0.17","14.0.18","14.0.19","14.0.2","14.0.20","14.0.21","14.0.22","14.0.23","14.0.24","14.0.25","14.0.26","14.0.27","14.0.28","14.0.29","14.0.3","14.0.30","14.0.31","14.0.32","14.0.33","14.0.34","14.0.35","14.0.36","14.0.37","14.0.38","14.0.39","14.0.4","14.0.40","14.0.41","14.0.42","14.0.43","14.0.44","14.0.45","14.0.46","14.0.47","14.0.48","14.0.49","14.0.5","14.0.50","14.0.51","14.0.52","14.0.53","14.0.54","14.0.55","14.0.56","14.0.57","14.0.58","14.0.59","14.0.6","14.0.60","14.0.61","14.0.62","14.0.63","14.0.64","14.0.65","14.0.66","14.0.67","14.0.68","14.0.69","14.0.7","14.0.70","14.0.71","14.0.72","14.0.73","14.0.74","14.0.75","14.0.76","14.0.77","14.0.78","14.0.79","14.0.8","14.0.80","14.0.81","14.0.82","14.0.83","14.0.84","14.0.85","14.0.86","14.0.87","14.0.88","14.0.89","14.0.9","14.0.90","14.0.91","14.0.92","14.0.93","14.0.94","14.0.95","14.0.96","14.0.97","14.0.98","14.0.99","14.1.0","14.1.1","14.1.10","14.1.11","14.1.12","14.1.13","14.1.14","14.1.15","14.1.16","14.1.17","14.1.18","14.1.19","14.1.2","14.1.20","14.1.21","14.1.22","14.1.23","14.1.24","14.1.25","14.1.26","14.1.27","14.1.28","14.1.29","14.1.3","14.1.30","14.1.4","14.1.5","14.1.6","14.1.7","14.1.8","14.1.9","14.10.0","14.10.1","14.10.10","14.10.11","14.10.12","14.10.13","14.10.14","14.10.15","14.10.16","14.10.17","14.10.18","14.10.19","14.10.2","14.10.20","14.10.21","14.10.22","14.10.23","14.10.24","14.10.25","14.10.26","14.10.27","14.10.28","14.10.29","14.10.3","14.10.30","14.10.31","14.10.32","14.10.33","14.10.34","14.10.35","14.10.36","14.10.37","14.10.38","14.10.39","14.10.4","14.10.40","14.10.41","14.10.42","14.10.43","14.10.44","14.10.45","14.10.46","14.10.47","14.10.48","14.10.49","14.10.5","14.10.50","14.10.6","14.10.7","14.10.8","14.11.0","14.11.1","14.11.10","14.11.11","14.11.12","14.11.13","14.11.14","14.11.15","14.11.16","14.11.17","14.11.18","14.11.19","14.11.2","14.11.20","14.11.21","14.11.22","14.11.23","14.11.24","14.11.25","14.11.26","14.11.27","14.11.28","14.11.29","14.11.3","14.11.30","14.11.31","14.11.32","14.11.33","14.11.34","14.11.35","14.11.36","14.11.37","14.11.38","14.11.39","14.11.4","14.11.40","14.11.41","14.11.42","14.11.43","14.11.5","14.11.6","14.11.7","14.11.8","14.11.9","14.12.0","14.12.1","14.12.10","14.12.11","14.12.12","14.12.13","14.12.14","14.12.15","14.12.16","14.12.17","14.12.18","14.12.19","14.12.2","14.12.20","14.12.21","14.12.22","14.12.23","14.12.24","14.12.25","14.12.26","14.12.27","14.12.28","14.12.29","14.12.3","14.12.30","14.12.31","14.12.32","14.12.33","14.12.34","14.12.35","14.12.4","14.12.5","14.12.6","14.12.7","14.12.8","14.12.9","14.13.0","14.13.1","14.13.10","14.13.11","14.13.12","14.13.13","14.13.14","14.13.15","14.13.16","14.13.17","14.13.18","14.13.19","14.13.2","14.13.20","14.13.21","14.13.22","14.13.23","14.13.24","14.13.25","14.13.26","14.13.27","14.13.28","14.13.29","14.13.3","14.13.30","14.13.31","14.13.32","14.13.33","14.13.34","14.13.35","14.13.36","14.13.37","14.13.38","14.13.39","14.13.4","14.13.40","14.13.41","14.13.42","14.13.43","14.13.44","14.13.45","14.13.46","14.13.47","14.13.48","14.13.49","14.13.5","14.13.50","14.13.51","14.13.52","14.13.53","14.13.54","14.13.55","14.13.56","14.13.57","14.13.58","14.13.59","14.13.6","14.13.60","14.13.61","14.13.62","14.13.63","14.13.64","14.13.65","14.13.66","14.13.67","14.13.68","14.13.69","14.13.7","14.13.8","14.13.9","14.14.0","14.14.1","14.14.10","14.14.2","14.14.3","14.14.4","14.14.5","14.14.6","14.14.7","14.14.8","14.14.9","14.15.0","14.15.1","14.15.10","14.15.11","14.15.12","14.15.13","14.15.14","14.15.15","14.15.16","14.15.17","14.15.18","14.15.19","14.15.2","14.15.20","14.15.21","14.15.22","14.15.23","14.15.24","14.15.25","14.15.3","14.15.4","14.15.5","14.15.6","14.15.7","14.15.8","14.15.9","14.16.0","14.16.1","14.16.10","14.16.11","14.16.12","14.16.13","14.16.14","14.16.15","14.16.16","14.16.17","14.16.18","14.16.19","14.16.2","14.16.20","14.16.21","14.16.22","14.16.23","14.16.24","14.16.25","14.16.26","14.16.3","14.16.4","14.16.5","14.16.6","14.16.8","14.16.9","14.2.0","14.2.1","14.2.10","14.2.11","14.2.12","14.2.13","14.2.14","14.2.15","14.2.16","14.2.17","14.2.18","14.2.19","14.2.2","14.2.20","14.2.21","14.2.22","14.2.23","14.2.24","14.2.25","14.2.3","14.2.4","14.2.5","14.2.6","14.2.7","14.2.8","14.2.9","14.3.0","14.3.1","14.3.10","14.3.11","14.3.12","14.3.13","14.3.14","14.3.15","14.3.16","14.3.17","14.3.18","14.3.19","14.3.2","14.3.20","14.3.21","14.3.22","14.3.23","14.3.24","14.3.25","14.3.26","14.3.27","14.3.28","14.3.29","14.3.3","14.3.4","14.3.5","14.3.6","14.3.7","14.3.8","14.3.9","14.4.0","14.4.1","14.4.2","14.4.3","14.4.4","14.4.5","14.4.6","14.4.7","14.5.0","14.5.1","14.5.10","14.5.11","14.5.12","14.5.13","14.5.14","14.5.15","14.5.16","14.5.17","14.5.18","14.5.19","14.5.2","14.5.20","14.5.21","14.5.22","14.5.23","14.5.24","14.5.25","14.5.26","14.5.27","14.5.28","14.5.29","14.5.3","14.5.30","14.5.31","14.5.32","14.5.33","14.5.4","14.5.5","14.5.6","14.5.7","14.5.8","14.5.9","14.6.0","14.6.1","14.6.10","14.6.11","14.6.12","14.6.13","14.6.14","14.6.15","14.6.16","14.6.17","14.6.18","14.6.19","14.6.2","14.6.20","14.6.21","14.6.22","14.6.23","14.6.24","14.6.25","14.6.26","14.6.27","14.6.28","14.6.29","14.6.3","14.6.30","14.6.31","14.6.32","14.6.33","14.6.34","14.6.35","14.6.36","14.6.37","14.6.38","14.6.4","14.6.5","14.6.6","14.6.7","14.6.8","14.6.9","14.7.0","14.7.1","14.7.10","14.7.11","14.7.12","14.7.13","14.7.14","14.7.15","14.7.16","14.7.17","14.7.18","14.7.19","14.7.2","14.7.20","14.7.21","14.7.22","14.7.23","14.7.24","14.7.25","14.7.26","14.7.27","14.7.28","14.7.29","14.7.3","14.7.30","14.7.31","14.7.32","14.7.4","14.7.5","14.7.6","14.7.7","14.7.8","14.7.9","14.8.0","14.8.1","14.8.10","14.8.11","14.8.12","14.8.13","14.8.14","14.8.15","14.8.16","14.8.17","14.8.18","14.8.19","14.8.2","14.8.3","14.8.4","14.8.5","14.8.6","14.8.7","14.8.8","14.8.9","14.9.0","14.9.1","14.9.10","14.9.11","14.9.12","14.9.13","14.9.14","14.9.15","14.9.16","14.9.17","14.9.18","14.9.19","14.9.2","14.9.20","14.9.21","14.9.22","14.9.23","14.9.24","14.9.25","14.9.26","14.9.27","14.9.28","14.9.29","14.9.3","14.9.30","14.9.31","14.9.4","14.9.5","14.9.6","14.9.7","14.9.8","14.9.9","15.0.0","15.0.1","15.0.10","15.0.11","15.0.12","15.0.13","15.0.14","15.0.15","15.0.16","15.0.17","15.0.18","15.0.19","15.0.2","15.0.20","15.0.21","15.0.22","15.0.23","15.0.24","15.0.25","15.0.26","15.0.27","15.0.28","15.0.29","15.0.3","15.0.30","15.0.31","15.0.32","15.0.33","15.0.34","15.0.35","15.0.4","15.0.5","15.0.6","15.0.7","15.0.8","15.0.9","15.1.0","15.1.1","15.1.10","15.1.11","15.1.12","15.1.13","15.1.14","15.1.15","15.1.16","15.1.17","15.1.18","15.1.19","15.1.2","15.1.20","15.1.21","15.1.22","15.1.23","15.1.24","15.1.25","15.1.26","15.1.27","15.1.28","15.1.29","15.1.3","15.1.30","15.1.31","15.1.32","15.1.33","15.1.4","15.1.5","15.1.6","15.1.7","15.1.8","15.1.9","15.2.0","15.2.1","15.2.10","15.2.2","15.2.3","15.2.4","15.2.5","15.2.6","15.2.7","15.2.8","15.2.9","15.3.0","15.3.1","15.3.10","15.3.11","15.3.12","15.3.13","15.3.14","15.3.15","15.3.16","15.3.17","15.3.18","15.3.19","15.3.2","15.3.20","15.3.21","15.3.22","15.3.23","15.3.24","15.3.25","15.3.26","15.3.27","15.3.3","15.3.4","15.3.5","15.3.6","15.3.7","15.3.8","15.3.9","15.4.0","15.4.1","15.4.2","15.4.3","15.4.4","15.5.0","15.5.1","15.5.2","15.5.3","15.5.4","15.6.0","15.6.1","15.6.10","15.6.11","15.6.12","15.6.2","15.6.3","15.6.4","15.6.5","15.6.6","15.6.7","15.6.8","15.6.9","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.1.5","2.1.6","2.1.7","2.2.0","2.2.1","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.19","2.2.2","2.2.20","2.2.3","2.2.4","2.2.5","2.2.6","2.2.7","2.2.8","2.2.9","2.3.0","beta-1","dev-1.0.0","dev-1.0.2","dev-1.0.3","dev-1.0.4","dev-1.0.5","hab-pkg-bookshelf","hab-pkg-chef-server-nginx","hab-pkg-oc_erchef","hab-pkg-openresty-noroot","ned-1.0","rel-0.1.0","rel-0.18.0","rel-1.0.0","rel-1.0.1","rel-1.0.2","request-logger"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28864.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}