Theforeman : Security Vulnerabilities, CVEs, Published In 2013
CVE-2013-2121
Public exploit
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
Max CVSS
6.0
EPSS Score
50.86%
Published
2013-07-31
Updated
2023-02-13
CVE-2013-2113
Public exploit
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Max CVSS
6.0
EPSS Score
11.10%
Published
2013-07-31
Updated
2023-02-13
2 vulnerabilities found