CVE-2017-7540

CRITICAL

rubygem-safemode <=1.3.2 - Safe Mode Bypass / Privilege Escalation

Title source: llm

Description

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.
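The description states the mechanism only in outline: a sandbox that filters Ruby source can be escaped by syntax its filter never anticipated, which is exactly what CWE-184 (an incomplete list of disallowed inputs) names. The Ruby below is an added illustration of that weakness class; it is not the safemode gem's code and not the specific bypass used against it (the page does not give one). It compares a denylist of method names with an allowlist over the parse tree produced by Ripper, Ruby's bundled parser. The filter functions, node lists and sample inputs are all constructed for this example.

```ruby
require 'ripper'

# Two toy filters for user-supplied Ruby, written to illustrate CWE-184
# (an incomplete denylist) against an allowlist. Demo code only: this is
# not the safemode gem's implementation, and every input below is constructed.

# Denylist approach: refuse a hand-picked set of dangerous method names.
DENIED_METHODS = %w[send __send__ instance_eval eval system exec].freeze

# Collects the node-type symbols of a Ripper S-expression, depth-first.
# Only the head of each array is a node type; bare symbols such as :+ and
# position arrays such as [1, 0] are leaves and are skipped.
def node_types(sexp, acc = [])
  return acc unless sexp.is_a?(Array)
  acc << sexp[0] if sexp[0].is_a?(Symbol)
  sexp.each { |child| node_types(child, acc) }
  acc
end

# Collects every identifier token (method names, locals, symbol names).
def identifiers(sexp, acc = [])
  return acc unless sexp.is_a?(Array)
  acc << sexp[1] if sexp[0] == :@ident
  sexp.each { |child| identifiers(child, acc) }
  acc
end

# Denylist filter: passes unless a denied identifier appears somewhere.
def denylist_allows?(src)
  sexp = Ripper.sexp(src)
  return false if sexp.nil?            # refuse anything that does not parse
  (identifiers(sexp) & DENIED_METHODS).empty?
end

# Allowlist approach: every node in the tree must be of a permitted type.
# Note what is absent: no @const (no constant lookup such as Kernel), no
# xstring_literal (backtick commands), no symbol_literal, no assignment.
ALLOWED_NODES = %i[
  program call vcall method_add_arg arg_paren args_add_block binary
  string_literal string_content var_ref
  @ident @period @int @tstring_content @kw
].freeze

def allowlist_allows?(src)
  sexp = Ripper.sexp(src)
  return false if sexp.nil?
  (node_types(sexp) - ALLOWED_NODES).empty?
end

# Constructed inputs: the first is a benign template expression; the last
# two reach command execution without naming any denied method.
SAMPLES = {
  'host.name.length + 1'                    => 'benign template expression',
  "Kernel.send(:system, 'id')"              => 'contains a denied method name',
  '`id`'                                    => 'backtick command literal',
  "Kernel.public_send('sys' + 'tem', 'id')" => 'method name assembled at runtime',
}.freeze

# Returns [source, note, denylist verdict, allowlist verdict] per sample.
def report
  SAMPLES.map do |src, note|
    [src, note, denylist_allows?(src), allowlist_allows?(src)]
  end
end

if __FILE__ == $PROGRAM_NAME
  report.each do |src, note, deny_ok, allow_ok|
    printf("%-42s denylist=%-5s allowlist=%-5s (%s)\n", src, deny_ok, allow_ok, note)
  end
end
```

Run it directly to print each filter's verdict per input. The denylist waves through the backtick command literal and the runtime-assembled method name, because neither contains a denied identifier; the allowlist rejects both, since `xstring_literal` and `@const` are not permitted node types. An allowlist over syntax is still not a sandbox on its own: an implementation such as safemode also has to control which receivers and methods the permitted call nodes may reach, which is why it jails the objects it exposes to templates.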

Scores

CVSS v3 9.8
EPSS 0.0029
EPSS Percentile 52.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-184 (Incomplete List of Disallowed Inputs)
Status draft

Affected Products (2)

safemode_project/safemode <= 1.3.2
rubygems/safemode <= 1.3.2 (RubyGems)

Timeline

Published Jul 21, 2017
Tracked Since Feb 18, 2026