Lucene search

K
cve[email protected]CVE-2013-0233
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2013-0233

2022-10-0316:15:04
CWE-399
web.nvd.nist.gov
50
devise gem
ruby
database
security vulnerability
cve-2013-0233

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.139 Low

EPSS

Percentile

95.7%

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.

Affected configurations

NVD
Node
plataformatecdeviseMatch1.5.0
OR
plataformatecdeviseMatch1.5.1
OR
plataformatecdeviseMatch1.5.2
OR
plataformatecdeviseMatch1.5.3
OR
plataformatecdeviseMatch2.0.0
OR
plataformatecdeviseMatch2.0.1
OR
plataformatecdeviseMatch2.0.2
OR
plataformatecdeviseMatch2.0.3
OR
plataformatecdeviseMatch2.0.4
OR
plataformatecdeviseMatch2.1.0
OR
plataformatecdeviseMatch2.1.1
OR
plataformatecdeviseMatch2.1.2
OR
plataformatecdeviseMatch2.2.0
OR
plataformatecdeviseMatch2.2.1
OR
plataformatecdeviseMatch2.2.2
AND
ruby-langruby
Node
opensuseopensuseMatch12.2

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.139 Low

EPSS

Percentile

95.7%