CVE-2013-2113
published 2013-07-31
medium 6 CVSS 3.1
AV:N/AC:M/Au:S/C:P/I:P/A:P
EXPLOIT
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | openstack | — | — |
| theforeman | foreman | <= 1.2.0 | — |
| theforeman | foreman | — | — |