CVE-2013-2113

Red Hat OpenStack < 1.2.0 - Access Control


Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-2113. PoCs published by Metasploit, including Metasploit module auxiliary/admin/http/foreman_openstack_satellite_priv_esc.

AI-analyzed exploit summary: This exploit leverages a mass assignment vulnerability in Foreman (CVE-2013-2113) to create an arbitrary administrator account. It authenticates with valid credentials, retrieves a CSRF token, and submits a crafted POST request to elevate privileges.

Description

The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · linux
https://www.exploit-db.com/exploits/27776

This exploit leverages a mass assignment vulnerability in Foreman (CVE-2013-2113) to create an arbitrary administrator account. It authenticates with valid credentials, retrieves a CSRF token, and submits a crafted POST request to elevate privileges.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Foreman (Red Hat OpenStack/Satellite) 1.2.0-RC1 and earlier
Auth required
Prerequisites: Valid credentials with 'create_users' permission (e.g., Manager role)
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/foreman_openstack_satellite_priv_esc.rb

This Metasploit module exploits a mass assignment vulnerability in Foreman and Red Hat OpenStack/Satellite to create an arbitrary administrator account. It requires valid credentials with 'create_users' permission.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier)
Auth required
Prerequisites: Valid credentials with 'create_users' permission
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0995.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=968166
Issue Tracking x_refsource_confirm
http://projects.theforeman.org/issues/2630

Scores

EPSS 0.4745
EPSS Percentile 97.8%

Details

CWE: CWE-264
Status published
Products (3)
redhat/openstack 3.0
theforeman/foreman 1.1
theforeman/foreman < 1.2.0
Published Jul 31, 2013
Tracked Since Feb 18, 2026