CVE-2017-7540

CRITICAL

rubygem-safemode <= 1.3.2 - Safe Mode Bypass / Privilege Escalation


Description

The rubygem-safemode gem, as used in Foreman, in versions 1.3.2 and earlier allows the safe mode restrictions on template code to be bypassed via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions, or possibly to privilege escalation.
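The description amounts to an incomplete syntax filter, which is what the CWE-184 classification below means: the sandbox handled some Ruby forms but not all of them. The following added example is not safemode's code and does not reproduce the specific syntax behind this CVE. It contrasts the two ways of writing such a filter over a Ripper syntax tree: a hypothetical denylist of known-dangerous node types, which lets unlisted forms such as constant and global-variable references through, and an allowlist that fails closed on anything not explicitly permitted. The DENIED and ALLOWED lists, the helper names and the sample inputs are constructed for illustration.

```ruby
require 'ripper'

# Hypothetical denylist filter: the node types its author thought of as
# "dangerous" (method calls and shell-outs). Anything else passes.
DENIED = %i[call fcall vcall command command_call method_add_arg
            method_add_block xstring_literal].freeze

# Hypothetical allowlist filter: only arithmetic on numeric literals, string
# literals and local-variable assignment/reads are permitted. Everything else,
# including node types that did not exist when the list was written, is refused.
ALLOWED = %i[program binary paren assign var_field var_ref @ident @int @float
             string_literal string_content @tstring_content].freeze

# Collect every node type in a Ripper S-expression. Ripper.sexp returns nested
# arrays whose first element is the node type symbol; token nodes look like
# [:@int, "1", [line, col]] and statement lists are plain arrays of nodes, so
# only arrays headed by a Symbol count as nodes.
def node_types(node, acc = [])
  return acc unless node.is_a?(Array)
  acc << node.first if node.first.is_a?(Symbol)
  node.each { |child| node_types(child, acc) }
  acc
end

# Denylist policy: refuse only if a listed node type appears.
# Ripper.sexp returns nil when the source does not parse; that is refused too.
def denylist_allows?(src)
  sexp = Ripper.sexp(src)
  return false if sexp.nil?
  (node_types(sexp) & DENIED).empty?
end

# Allowlist policy: refuse if any node type outside the list appears.
def allowlist_allows?(src)
  sexp = Ripper.sexp(src)
  return false if sexp.nil?
  (node_types(sexp) - ALLOWED).empty?
end

# Constructed sample inputs: the first two are what a template author is meant
# to write, the next two are obvious abuse, and the last three are syntactic
# forms (constant reference, global variable, top-level constant lookup) that
# the denylist author never listed.
SAMPLES = [
  '1 + 2',
  'total = 40 + 2',
  "system('id')",
  '`id`',
  'ENV',
  '$0',
  '::Kernel',
].freeze

# Returns [source, denylist verdict, allowlist verdict] for each sample.
def compare(samples = SAMPLES)
  samples.map { |src| [src, denylist_allows?(src), allowlist_allows?(src)] }
end

if $PROGRAM_NAME == __FILE__
  puts format('%-18s %-9s %s', 'source', 'denylist', 'allowlist')
  compare.each { |src, d, a| puts format('%-18s %-9s %s', src.inspect, d, a) }
end
```

Run stand-alone, the table shows the denylist and allowlist agreeing on the arithmetic and on the obvious `system`/backtick calls, and disagreeing on `ENV`, `$0` and `::Kernel`, which the denylist never thought about. The audit check this suggests for any safe-mode template engine is to enumerate the parser's node types (Ripper's names here; ruby_parser uses different ones) and confirm each is either explicitly handled or refused, rather than trusting that the dangerous ones have all been listed. For this advisory the practical remediation is to move to a safemode release newer than 1.3.2.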

Scores

CVSS v3 9.8
EPSS 0.0029
EPSS Percentile 52.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-184
Status published
Products (3)
Red Hat, Inc./rubygem-safemode 1.3.2 and earlier
rubygems/safemode 0 - 1.3.2RubyGems
safemode_project/safemode < 1.3.2
Published Jul 21, 2017
Tracked Since Feb 18, 2026