Vulnerability Details : CVE-2013-2113
Public exploit exists!
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Exploit prediction scoring system (EPSS) score for CVE-2013-2113
Probability of exploitation activity in the next 30 days: 11.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2013-2113
-
Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment
Disclosure Date: 2013-06-06First seen: 2020-04-26auxiliary/admin/http/foreman_openstack_satellite_priv_escThis module exploits a mass assignment vulnerability in the 'create' action of 'users' controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator account. For this exploit to work, your account must
CVSS scores for CVE-2013-2113
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST |
CWE ids for CVE-2013-2113
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2113
-
http://projects.theforeman.org/issues/2630
Bug #2630: Users with create/edit user permissions can escalate to admin - Foreman
-
https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU
Sign in - Google Accounts
-
http://rhn.redhat.com/errata/RHSA-2013-0995.html
RHSA-2013:0995 - Security Advisory - Red Hat Customer Portal
-
https://bugzilla.redhat.com/show_bug.cgi?id=968166
968166 – (CVE-2013-2121) CVE-2013-2121 Foreman: app/controllers/bookmarks_controller.rb remote code execution
Products affected by CVE-2013-2113
- cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:theforeman:foreman:*:rc1:*:*:*:*:*:*
- cpe:2.3:a:theforeman:foreman:1.1:*:*:*:*:*:*:*