PT-2013-3544 · Foreman · Foreman

Published: 2013-07-31 · Updated: 2023-02-13 · CVE-2013-2113

CVSS v2.0: 6.0 (Medium) · Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.2.0-RC2

Description: The issue allows remote authenticated users with permissions to create or edit other users to gain privileges. This can be achieved either by changing the admin flag or by assigning an arbitrary role. The vulnerable code is the create method of the users controller.

Recommendations: For versions prior to 1.2.0-RC2, update to version 1.2.0-RC2 or later to resolve the issue. As a temporary workaround, consider restricting access to the create method of the users controller to minimize the risk of exploitation.
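As an added illustration (not Foreman's own code), the plain-Ruby model below of a Rails-style users `create` action places the unfiltered attribute handling described above next to a hardened version that lets only administrators set the admin flag or role assignments; the function, constant and attribute names are assumptions.

```ruby
# Added illustration (not Foreman's code): a Rails-style users "create"
# action modelled in plain Ruby so it runs without Rails. A user record is a
# Hash of string keys; the caller is a Hash with an :admin flag. All names
# are assumed for the example.

# Attributes anyone holding the "edit users" permission may set.
BASE_ATTRS = %w[login mail firstname lastname password].freeze
# Attributes that raise privilege and so are reserved to administrators.
PRIVILEGED_ATTRS = %w[admin role_ids].freeze

# Unfiltered pattern: every submitted attribute is copied onto the new user,
# so a user editor who is not an admin can set admin=true or any role_ids.
def create_user_unfiltered(params, _current_user)
  [params.dup, []]
end

# Hardened pattern: whitelist the base attributes for everyone and accept
# the privilege-bearing attributes only when the caller is already an admin.
def create_user_filtered(params, current_user)
  allowed  = current_user[:admin] ? BASE_ATTRS + PRIVILEGED_ATTRS : BASE_ATTRS
  rejected = params.keys - allowed
  user = params.select { |key, _| allowed.include?(key) }
  # Explicit defaults so a dropped key cannot fall back to a permissive value.
  user["admin"]    = false unless user.key?("admin")
  user["role_ids"] = []    unless user.key?("role_ids")
  [user, rejected] # returning the dropped keys lets the caller log or audit them
end

# Constructed sample: a non-admin account with "edit users" permission
# submits a form that also carries the admin flag and a role list.
EDITOR = { login: "editor", admin: false }.freeze
SUBMITTED = {
  "login" => "newbie", "mail" => "newbie@example.invalid",
  "admin" => true, "role_ids" => [1, 2]
}.freeze

if __FILE__ == $PROGRAM_NAME
  user, dropped = create_user_unfiltered(SUBMITTED, EDITOR)
  puts "unfiltered: #{user.inspect} (dropped #{dropped.inspect})"
  user, dropped = create_user_filtered(SUBMITTED, EDITOR)
  puts "filtered:   #{user.inspect} (dropped #{dropped.inspect})"
end
```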

Related Identifiers

CVE-2013-2113
RHSA-2013:0995

Affected Products

Foreman