CVE-2013-0233

Published Apr 25, 2013

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-399

Hype score: Not currently trending

Evaluator

Comment: -
Impact: Per http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html "Affected Products: openSUSE 12.2"
Solution: Per http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html "Affected Products: openSUSE 12.2"

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4F9C7C7-7723-43D4-91F6-6186D9C9BB10"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70B06452-931F-4975-84A3-36C1364C9C11"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C259DDDF-BC40-46F5-BFFA-0FF2C93E62B0"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:1.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B7320C8-E9CB-4954-AE38-2EB81C1BE4E4"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5682C78A-1FC7-41F8-873E-C61EC8CEA475"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B10284E-9813-4941-9D46-A2E6A7E4B3D0"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43680C09-6447-4567-9693-09EABE846CDF"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3096DCF-E91B-4D83-BD15-28D42C12F3B9"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5C542B5-B5DE-462F-82F8-854837DA1B1D"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CD02E50-A2C8-43CC-A839-E5CA4A208EC2"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49F151AD-49A1-4B6C-BD13-EAC3C9329D56"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9785762C-15CA-4511-AE99-63063E1C4D91"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3646CD4-0C1D-43F7-9259-A6F6D6F8FE4C"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB24CBA3-26EA-4B6C-9EBF-018A8004BFE5"
          },
          {
            "criteria": "cpe:2.3:a:plataformatec:devise:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FB39D4E-850B-4D13-9B2B-F8DBE707F5E7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "264DD094-A8CD-465D-B279-C834DDA5F79C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References