CVE-2017-7540
Published: Jul 21, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.
| Vendor | Product | Versions |
|---|---|---|
| Red Hat, Inc. | rubygem-safemode | affected 1.3.2 and earlier |
Weaknesses (CWE)
References
https://github.com/svenfuchs/safemode/pull/23
x_refsource_MISC