CVE Vulnerabilities

CVE-2013-2113

Published: Jul 31, 2013 | Modified: Feb 13, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6 MEDIUM (AV:N/AC:M/Au:S/C:P/I:P/A:P)
RedHat/V2: 3.5 MODERATE (AV:N/AC:M/Au:S/C:N/I:P/A:N)
RedHat/V3:
Ubuntu:

The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.

Affected Software

| Name | Vendor | Start Version | End Version |
| --- | --- | --- | --- |
| Openstack | Redhat | 3.0 (including) | 3.0 (including) |
| Foreman | Theforeman | * | 1.2.0 (including) |
| Foreman | Theforeman | 1.1 (including) | 1.1 (including) |
| OpenStack 3 for RHEL 6 | RedHat | ruby193-foreman-0:1.1.10009-3.el6ost | * |
| OpenStack 3 for RHEL 6 | RedHat | ruby193-foreman-proxy-0:1.1.10001-4.el6ost | * |
| OpenStack 3 for RHEL 6 | RedHat | ruby193-openstack-foreman-installer-0:0.0.18-1.el6ost | * |
| OpenStack 3 for RHEL 6 | RedHat | ruby193-rubygem-ancestry-0:1.3.0-5.el6ost | * |
| OpenStack 3 for RHEL 6 | RedHat | ruby193-rubygem-fog-0:1.10.1-11.el6ost | * |
| OpenStack 3 for RHEL 6 | RedHat | ruby193-rubygem-mysql-0:2.8.1-4.el6ost | * |
| OpenStack 3 for RHEL 6 | RedHat | ruby193-rubygem-safemode-0:1.2.0-9.el6ost | * |

References