What is CVE-2013-2121?

CVE-2013-2121 is a vulnerability in Theforeman Foreman, classified under Code Injection. Published 2013-07-31.

Is CVE-2013-2121 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Theforeman Foreman

CVE-2013-2121

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.609 (98.3th percentile) — read the EPSS interpretation.

Affected products

Theforeman Foreman — versions 1.1
Redhat Openstack — versions 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2013:0995 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
27045 (Exploit, exploit, x_refsource_EXPLOIT-DB)
secalert@redhat.com (x_refsource_CONFIRM, Exploit)

Frequently asked questions

What is CVE-2013-2121?: CVE-2013-2121 is a vulnerability in Theforeman Foreman, classified under Code Injection. Published 2013-07-31.
Is CVE-2013-2121 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.