{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2013-0233","title":"Title"},{"category":"description","text":"Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2013-0233","url":"https://www.suse.com/security/cve/CVE-2013-0233"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 800955 for CVE-2013-0233","url":"https://bugzilla.suse.com/800955"}],"title":"SUSE CVE CVE-2013-0233","tracking":{"current_release_date":"2023-12-08T04:59:17Z","generator":{"date":"2023-02-15T05:42:33Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2013-0233","initial_release_date":"2023-02-15T05:42:33Z","revision_history":[{"date":"2023-02-15T05:42:33Z","number":"2","summary":"Current version"},{"date":"2023-12-08T04:59:17Z","number":"3","summary":"Current version"}],"status":"interim","version":"3"}}}