CVE-2013-2113
43Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 21%
from disclosure to weapon22 days
Published on NVDJul 31
1st PoC+22d
metasploitJun 6
exploitation probability
21%top 3% of all CVEs
observed exploitation
nono source reports it
1 public exploit(s)
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/27776unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.