Lucene search
RedhatCVE-2013-2113HistoryJul 31, 2013 - 1:20 p.m.
CVE-2013-2113
2013-07-3113:20:25
CWE-264
redhat
web.nvd.nist.gov
30
foreman
privilege escalation
cve-2013-2113
nvd
security vulnerability
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.105
Percentile
95.1%
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Affected configurations
Node
redhatopenstackMatch3.0
ORtheforemanforemanRange≤1.2.0rc1
ORtheforemanforemanMatch1.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | openstack | 3.0 | cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:* |
| theforeman | foreman | * | cpe:2.3:a:theforeman:foreman:*:rc1:*:*:*:*:*:* |
| theforeman | foreman | 1.1 | cpe:2.3:a:theforeman:foreman:1.1:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2013-2113
2013-07-31 10:00:00
prion
prion
Design/Logic Flaw
2013-07-31 13:20:00
zdt
zdt
Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment
2013-08-22 00:00:00
exploitdb
exploitdb
packetstorm
packetstorm
Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment
2013-08-21 00:00:00
metasploit
metasploit
Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment
2013-07-22 18:24:25
nvd
nvd
CVE-2013-2113
2013-07-31 13:20:25
veracode
veracode
Privilege Escalations
2019-01-15 08:55:24
redhat
redhat
(RHSA-2013:0995) Important: Foreman security and bug fix update
2013-06-27 00:00:00
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.105
Percentile
95.1%
Related for CVE-2013-2113