← back
CVE-2013-2113

CVE-2013-2113

43Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 21%
from disclosure to weapon22 days
Published on NVDJul 31
1st PoC+22d
metasploitJun 6
exploitation probability
21%top 3% of all CVEs
observed exploitation
nono source reports it
1 public exploit(s)
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.