Vulnerability Details : CVE-2013-0233
Public exploit exists!
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
Exploit prediction scoring system (EPSS) score for CVE-2013-0233
Probability of exploitation activity in the next 30 days: 9.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 %
Metasploit modules for CVE-2013-0233
- Ruby on Rails Devise Authentication Password Reset
  Disclosure Date: 2013-01-28
  First seen: 2020-04-26
  auxiliary/admin/http/rails_devise_pass_reset
  The Devise authentication gem for Ruby on Rails is vulnerable to a password reset exploit leveraging type confusion. By submitting XML to rails, we can influence the type used for the reset_password_token parameter. This allows for resetting passwords of ar
CVSS scores for CVE-2013-0233
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2013-0233
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0233
- http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset
  Ruby on Rails Devise Authentication Password Reset (Exploit)
- http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/
  Security announcement: Devise v2.2.3, v2.1.3, v2.0.5 and v1.5.4 released « Plataformatec Blog (Vendor Advisory)
- http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html
  MySQL madness and Rails | Lands of Packets (Exploit)
- https://github.com/Snorby/snorby/issues/261
  Update Gemfile for recent Devise security vulnerability (CVE-2013-0233) · Issue #261 · Snorby/snorby · GitHub
- http://www.securityfocus.com/bid/57577
  Devise CVE-2013-0233 Security Bypass Vulnerability
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html
  openSUSE-SU-2013:0374-1: moderate: rubygem-devise: updated to version 1.
- http://www.openwall.com/lists/oss-security/2013/01/29/3
  oss-security - Re: CVE request for 'devise' ruby gem
Products affected by CVE-2013-0233
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:plataformatec:devise:1.5.0:*:*:*:*:*:*:*