Unrated severityNVD Advisory· Published Jul 31, 2013· Updated Apr 29, 2026

CVE-2013-2113

Description

The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.

Affected products

Red Hat/Openstack
cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
Theforeman/Foreman2 versions
cpe:2.3:a:theforeman:foreman:1.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:theforeman:foreman:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:theforeman:foreman:*:rc1:*:*:*:*:*:*range: <=1.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

projects.theforeman.org/issues/2630nvd
rhn.redhat.com/errata/RHSA-2013-0995.htmlnvd
bugzilla.redhat.com/show_bug.cginvd
groups.google.com/forum/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.038
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000