CVE-2017-7540

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-7540

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7540.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-7540

Aliases

GHSA-5vx5-9q73-wgp4

Published

2017-07-21T22:29:00Z

Modified

2024-10-12T02:51:47.703485Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.

References

https://github.com/svenfuchs/safemode/pull/23

Affected packages

Git / github.com/svenfuchs/safemode

Affected ranges

Type: GIT
Repo: https://github.com/svenfuchs/safemode
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

e54f3a709532e19b82d53bf4df3a519e6938fdf7

Affected versions

v1.*

v1.0.1

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.3.0

v1.3.1

v1.3.2