Main Vulnerability Database Exploits ID:4135 - Exploit for Resource management error in Opensuse - CVE-2013-0233

ID:4135 - Exploit for Resource management error in Opensuse - CVE-2013-0233

Published: August 11, 2020

Vulnerability identifier: #VU42868

Vulnerability risk: Medium

CVE-ID: CVE-2013-0233

CWE-ID: CWE-399

Exploitation vector: Remote access

Vulnerable software:
Opensuse

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/admin/http/rails_devise_pass_reset

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts. Per http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html "Affected Products: openSUSE 12.2"

Remediation

Install update from vendor's website.

ID:4135 - Exploit for Resource management error in Opensuse - CVE-2013-0233

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human