CVE-2013-0233 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-0233 Interim 1 4 2023-12-08T02:45:52Z current 2021-05-30T13:08:16Z 2023-12-08T02:45:52Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-0233 Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts. CVE-2013-0233 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P