CVE-2013-0233

Ruby On Rails Devise Authentication Password Reset

  • Severity Score: 6.8 (CVSS v2)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 2 (multiple sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.

Devise v2.2.x before v2.2.3, v2.1.x before v2.1.3, v2.0.x before v2.0.5, and v1.5.x before v1.5.4 for Ruby, when using certain databases, does not correctly perform type conversion when building database queries, which could allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting the passwords of arbitrary accounts.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2012-12-06 CVE Reserved
  • 2013-04-25 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-09-17 EPSS Updated
  • 2024-09-17 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor          Product   Version   Other   Status
Plataformatec   Devise    1.5.0     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    1.5.1     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    1.5.2     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    1.5.3     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    2.0.0     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    2.0.1     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    2.0.2     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    2.0.3     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    2.0.4     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    2.1.0     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    2.1.1     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    2.1.2     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    2.2.0     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    2.2.1     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Plataformatec   Devise    2.2.2     -       Affected
  in Ruby-lang  Ruby      -         -       Safe
Opensuse        Opensuse  12.2      -       Affected