CVE-2013-2121

Red Hat OpenStack < 1.2.0 - Code Injection

Title source: rule

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-2121. PoCs published by Metasploit, including Metasploit module exploits/linux/http/foreman_openstack_satellite_code_exec.

AI-analyzed exploit summary: This exploit targets a code injection vulnerability in Foreman and Red Hat OpenStack/Satellite (CVE-2013-2121). It authenticates, retrieves a CSRF token, and injects a Ruby payload via the 'bookmarks/create' endpoint.

Description

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/27045

This exploit targets a code injection vulnerability in Foreman and Red Hat OpenStack/Satellite (CVE-2013-2121). It authenticates, retrieves a CSRF token, and injects a Ruby payload via the 'bookmarks/create' endpoint.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Foreman (and Red Hat OpenStack/Satellite) 1.2.0-RC1 and earlier
Auth required
Prerequisites: Valid credentials for the Foreman application · Network access to the target
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
ruby · poc · ruby
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb

This Metasploit module exploits a code injection vulnerability in Foreman and Red Hat OpenStack/Satellite by leveraging the 'bookmarks/create' endpoint to execute arbitrary Ruby code via crafted parameters. It authenticates, retrieves a CSRF token, and injects a payload into the 'bookmark[controller]' parameter.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Foreman (1.2.0-RC1 and earlier), Red Hat OpenStack/Satellite
Auth required
Prerequisites: Valid credentials for the Foreman application · Network access to the target application
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Issue Tracking (x_refsource_confirm): http://projects.theforeman.org/issues/2631
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2013-0995.html
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/27045

Scores

EPSS 0.2478
EPSS Percentile 97.6%

Details

CWE CWE-94
Status published
Products (3)
redhat/openstack 3.0
theforeman/foreman 1.1
theforeman/foreman < 1.2.0
Published Jul 31, 2013
Tracked Since Feb 18, 2026