Lucene search

K
cve[email protected]CVE-2013-0233
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2013-0233

2022-10-0316:15:04
CWE-399
web.nvd.nist.gov
51
devise gem
ruby
database
security vulnerability
cve-2013-0233

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.139 Low

EPSS

Percentile

95.7%

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.

Affected configurations

NVD
Node
plataformatecdeviseMatch1.5.0
OR
plataformatecdeviseMatch1.5.1
OR
plataformatecdeviseMatch1.5.2
OR
plataformatecdeviseMatch1.5.3
OR
plataformatecdeviseMatch2.0.0
OR
plataformatecdeviseMatch2.0.1
OR
plataformatecdeviseMatch2.0.2
OR
plataformatecdeviseMatch2.0.3
OR
plataformatecdeviseMatch2.0.4
OR
plataformatecdeviseMatch2.1.0
OR
plataformatecdeviseMatch2.1.1
OR
plataformatecdeviseMatch2.1.2
OR
plataformatecdeviseMatch2.2.0
OR
plataformatecdeviseMatch2.2.1
OR
plataformatecdeviseMatch2.2.2
AND
ruby-langruby
Node
opensuseopensuseMatch12.2

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.139 Low

EPSS

Percentile

95.7%