CVE-2013-0233
Ruby On Rails Devise Authentication Password Reset
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
Devise v2.2.x antes de v2.2.3, v2.1.x antes de v2.1.3, v2.0.x antes de v2.0.5, v1.5.x antes de v1.5.4 de Ruby, al utilizar ciertas bases de datos, no funciona correctamente cuando se realiza la conversión de tipos consultas de base de datos, lo que podría permitir a atacantes remotos provocar resultados incorrectos para ser devueltos y eludir los controles de seguridad a través de vectores desconocidos, como lo demuestra restablecer las contraseñas de las cuentas arbitrarias.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-12-06 CVE Reserved
- 2013-04-25 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2013/01/29/3 | Mailing List | |
http://www.securityfocus.com/bid/57577 | Vdb Entry | |
https://github.com/Snorby/snorby/issues/261 | X_refsource_misc |
URL | Date | SRC |
---|---|---|
http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset | 2024-09-17 | |
http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html | 2024-09-17 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 1.5.0 Search vendor "Plataformatec" for product "Devise" and version "1.5.0" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 1.5.1 Search vendor "Plataformatec" for product "Devise" and version "1.5.1" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 1.5.2 Search vendor "Plataformatec" for product "Devise" and version "1.5.2" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 1.5.3 Search vendor "Plataformatec" for product "Devise" and version "1.5.3" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 2.0.0 Search vendor "Plataformatec" for product "Devise" and version "2.0.0" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 2.0.1 Search vendor "Plataformatec" for product "Devise" and version "2.0.1" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 2.0.2 Search vendor "Plataformatec" for product "Devise" and version "2.0.2" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 2.0.3 Search vendor "Plataformatec" for product "Devise" and version "2.0.3" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 2.0.4 Search vendor "Plataformatec" for product "Devise" and version "2.0.4" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 2.1.0 Search vendor "Plataformatec" for product "Devise" and version "2.1.0" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 2.1.1 Search vendor "Plataformatec" for product "Devise" and version "2.1.1" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 2.1.2 Search vendor "Plataformatec" for product "Devise" and version "2.1.2" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 2.2.0 Search vendor "Plataformatec" for product "Devise" and version "2.2.0" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 2.2.1 Search vendor "Plataformatec" for product "Devise" and version "2.2.1" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Plataformatec Search vendor "Plataformatec" | Devise Search vendor "Plataformatec" for product "Devise" | 2.2.2 Search vendor "Plataformatec" for product "Devise" and version "2.2.2" | - |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | * | - |
Safe
|
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 12.2 Search vendor "Opensuse" for product "Opensuse" and version "12.2" | - |
Affected
|