Lucene search
HistoryJul 31, 2013 - 1:20 p.m.
CVE-2013-2121
cve-2013-2121
eval injection
bookmarks controller
foreman
remote authenticated users
arbitrary code execution
nvd
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.509 Medium
EPSS
Percentile
97.5%
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
Affected configurations
Node
redhatopenstackMatch3.0
ORtheforemanforemanRange≤1.2.0rc1
ORtheforemanforemanMatch1.1
Related
zdt
zdt
Foreman (Red Hat OpenStack/Satellite) Code Injection Vulnerability
2013-07-23 00:00:00
packetstorm
packetstorm
Foreman (Red Hat OpenStack/Satellite) Code Injection
2013-07-23 00:00:00
cvelist
cvelist
CVE-2013-2121
2013-07-31 10:00:00
nvd
nvd
CVE-2013-2121
2013-07-31 13:20:25
checkpoint_advisories
checkpoint_advisories
Foreman Red Hat OpenStack bookmarks Code Injection (CVE-2013-2121)
2013-10-06 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:45:55
prion
prion
Design/Logic Flaw
2013-07-31 13:20:00
redhat
redhat
(RHSA-2013:0995) Important: Foreman security and bug fix update
2013-06-27 00:00:00
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.509 Medium
EPSS
Percentile
97.5%
Related for CVE-2013-2121