CVE-2013-2113

Red Hat OpenStack < 1.2.0 - Access Control

Description

The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.

Exploits (2)

exploitdb: WORKING POC, VERIFIED
by Metasploit · ruby, webapps, linux
https://www.exploit-db.com/exploits/27776

metasploit: WORKING POC
ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/foreman_openstack_satellite_priv_esc.rb

Scores

EPSS 0.4745
EPSS Percentile 97.7%

Details

CWE CWE-264
Status published
Products (3)
redhat/openstack 3.0
theforeman/foreman 1.1
theforeman/foreman < 1.2.0
Published Jul 31, 2013
Tracked Since Feb 18, 2026