Lucene search
HistoryJul 31, 2013 - 1:20 p.m.
CVE-2013-2113
foreman
privilege escalation
cve-2013-2113
nvd
security vulnerability
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
Low
0.111 Low
EPSS
Percentile
95.2%
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Affected configurations
Node
redhatopenstackMatch3.0
ORtheforemanforemanRange≤1.2.0rc1
ORtheforemanforemanMatch1.1
Related
zdt
zdt
Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment
2013-08-22 00:00:00
packetstorm
packetstorm
Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment
2013-08-21 00:00:00
cvelist
cvelist
CVE-2013-2113
2013-07-31 10:00:00
nvd
nvd
CVE-2013-2113
2013-07-31 13:20:25
prion
prion
Design/Logic Flaw
2013-07-31 13:20:00
veracode
veracode
Privilege Escalations
2019-01-15 08:55:24
redhat
redhat
(RHSA-2013:0995) Important: Foreman security and bug fix update
2013-06-27 00:00:00
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
Low
0.111 Low
EPSS
Percentile
95.2%
Related for CVE-2013-2113