ID CVE-2013-0233
Summary Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
References
Vulnerable Configurations
  • plataformatec devise 1.5.0
    cpe:2.3:a:plataformatec:devise:1.5.0
  • plataformatec devise 1.5.1
    cpe:2.3:a:plataformatec:devise:1.5.1
  • plataformatec devise 1.5.2
    cpe:2.3:a:plataformatec:devise:1.5.2
  • plataformatec devise 1.5.3
    cpe:2.3:a:plataformatec:devise:1.5.3
  • plataformatec devise 2.0.0
    cpe:2.3:a:plataformatec:devise:2.0.0
  • plataformatec devise 2.0.1
    cpe:2.3:a:plataformatec:devise:2.0.1
  • plataformatec devise 2.0.2
    cpe:2.3:a:plataformatec:devise:2.0.2
  • plataformatec devise 2.0.3
    cpe:2.3:a:plataformatec:devise:2.0.3
  • plataformatec devise 2.0.4
    cpe:2.3:a:plataformatec:devise:2.0.4
  • plataformatec devise 2.1.0
    cpe:2.3:a:plataformatec:devise:2.1.0
  • plataformatec devise 2.1.1
    cpe:2.3:a:plataformatec:devise:2.1.1
  • plataformatec devise 2.1.2
    cpe:2.3:a:plataformatec:devise:2.1.2
  • plataformatec devise 2.2.0
    cpe:2.3:a:plataformatec:devise:2.2.0
  • plataformatec devise 2.2.1
    cpe:2.3:a:plataformatec:devise:2.2.1
  • plataformatec devise 2.2.2
    cpe:2.3:a:plataformatec:devise:2.2.2
  • Ruby-lang Ruby
    cpe:2.3:a:ruby-lang:ruby
  • OpenSUSE 12.2
    cpe:2.3:o:opensuse:opensuse:12.2
CVSS
Base: 6.8 (as of 26-04-2013 - 10:12)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
metasploit via4
description The Devise authentication gem for Ruby on Rails is vulnerable to a password reset exploit leveraging type confusion. By submitting XML to Rails, we can influence the type used for the reset_password_token parameter. This allows for resetting passwords of arbitrary accounts, knowing only the associated email address. This module defaults to the most common Devise URIs and response values, but these may require adjustment for implementations which customize them. Affects Devise < v2.2.3, 2.1.3, 2.0.5 and 1.5.4 when backed by any database except PostgreSQL or SQLite3. Tested with v2.2.2, 2.1.2, and 2.0.4 on Rails 3.2.11. The patch applied to Rails 3.2.12 and 3.1.11 should prevent exploitation of this vulnerability by quoting numeric values when comparing them with non-numeric values.
id MSF:AUXILIARY/ADMIN/HTTP/RAILS_DEVISE_PASS_RESET
last seen 2019-02-23
modified 2017-07-24
published 2013-02-11
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/rails_devise_pass_reset.rb
title Ruby on Rails Devise Authentication Password Reset
nessus via4
NASL family SuSE Local Security Checks
NASL id OPENSUSE-2013-166.NASL
description rubygem-devise was updated to version 1.5.4, fixing bugs and a security issue: - wrong records may be read when sending specifically crafted requests (bnc#800955) (CVE-2013-0233)
last seen 2019-02-21
modified 2018-11-10
plugin id 74908
published 2014-06-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=74908
title openSUSE Security Update : rubygem-devise (openSUSE-SU-2013:0374-1)
refmap via4
bid 57577
confirm http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/
misc
mlist [oss-security] 20130128 Re: CVE request for 'devise' ruby gem
suse openSUSE-SU-2013:0374
Last major update 01-05-2013 - 00:00
Published 25-04-2013 - 19:55
Last modified 30-10-2018 - 12:27