CVE-2013-2113

EUVD-2013-2083
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
redhatopenstack
3.0
theforemanforeman
𝑥
≤ 1.2.0
theforemanforeman
1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://projects.theforeman.org/issues/2630
http://rhn.redhat.com/errata/RHSA-2013-0995.html
https://bugzilla.redhat.com/show_bug.cgi?id=968166
https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU
http://projects.theforeman.org/issues/2630
http://rhn.redhat.com/errata/RHSA-2013-0995.html
https://bugzilla.redhat.com/show_bug.cgi?id=968166
https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU