CVE-2013-2121

Published: Jul 31, 2013Modified: Apr 29, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.

Affected (3)

Products: Redhat: Openstack · Theforeman: Foreman

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 3.0
Theforeman Foreman	Up to 1.2.0
Theforeman Foreman	Version 1.1

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (10)

http://projects.theforeman.org/issues/2631

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0995.html

Source: secalert@redhat.com

http://www.exploit-db.com/exploits/27045

Source: secalert@redhat.com

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=966804

Source: secalert@redhat.com

Exploit

https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU

Source: secalert@redhat.com

http://projects.theforeman.org/issues/2631