CVE-2026-8668
Hardcoded credentials in embedded content
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely.
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:H/SI:N/SA:L/E:P/S:N/AU:Y/RE:L
Produtos afetados
Progress Chef · Chef360Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://docs.chef.io/release_notes/360/