CVE-2013-2113

Published: Jul 31, 2013Modified: Apr 29, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.

Affected (3)

Products: Redhat: Openstack · Theforeman: Foreman

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 3.0
Theforeman Foreman	Up to 1.2.0
Theforeman Foreman	Version 1.1

Related CWEs

References (8)

http://projects.theforeman.org/issues/2630

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0995.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=968166

Source: secalert@redhat.com

https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU

Source: secalert@redhat.com

http://projects.theforeman.org/issues/2630

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0995.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=968166

Source: af854a3a-2127-422b-91ae-364da2661108

https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.