CVE-2013-2506

Published: 08/03/2013 Updated: 18/03/2013
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x prior to 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.

Vulnerable Product

spreecommerce spree 1.1.1

spreecommerce spree 1.1.3

spreecommerce spree 1.2.1

spreecommerce spree 1.2.3

spreecommerce spree 1.1.4

spreecommerce spree 1.1.5

spreecommerce spree 1.1.6

spreecommerce spree 1.2.0

spreecommerce spree 1.3.0

spreecommerce spree 1.3.1

spreecommerce spree 1.3.2

spreecommerce spree 1.1.0

spreecommerce spree 1.1.2

spreecommerce spree 1.2.2

spreecommerce spree 1.2.4