CVE-2013-2121

Red Hat OpenStack < 1.2.0 - Code Injection

Title source: rule

Description

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/27045
metasploit WORKING POC EXCELLENT
ruby · poc · ruby
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb

Scores

EPSS 0.6092
EPSS Percentile 98.3%

Details

CWE
CWE-94
Status published
Products (3)
redhat/openstack 3.0
theforeman/foreman 1.1
theforeman/foreman < 1.2.0
Published Jul 31, 2013
Tracked Since Feb 18, 2026