CVE-2013-2113
PUBLISHED
CVSS 6 MEDIUM
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
EPSS 47.45% · 97.8th percentile
Risk Scores
- CVSS 2.0: 6
- EPSS Score: 47.45% (97.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | openstack | 3.0 |
| theforeman | foreman | 0, 1.1 |
| n/a | n/a | * |
Exploit Intelligence
- CIRCL seen: CVE-2013-2113 (circl-sighting)
- RHSA-2013:0995 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=968166 (circl)
- http://projects.theforeman.org/issues/2630 (circl)
- https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU (circl)
- Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment (0day-today)
Timeline
- Jul 31, 2013 CVE Published
- Aug 22, 2013 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- RHSA-2013:0995 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=968166 url
- http://projects.theforeman.org/issues/2630 url
- https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU url
- https://nvd.nist.gov/vuln/detail/CVE-2013-2113 advisory
- https://access.redhat.com/errata/RHSA-2013:0995 url
- https://access.redhat.com/security/cve/CVE-2013-2113 url
- https://bugzilla.redhat.com/show_bug.cgi?id=966804 url
- https://groups.google.com/forum/#!topic/foreman-users/6WpO_3ugiXU url