CVE-2017-7540

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-7540

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7540.json

Aliases

GHSA-5vx5-9q73-wgp4

Published

2017-07-21T22:29:00Z

Modified

2024-05-14T06:09:40.849638Z

Summary

[none]

Details

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.

References

https://github.com/svenfuchs/safemode/pull/23

Affected packages

Git / github.com/svenfuchs/safemode

Affected ranges

Type: GIT
Repo: https://github.com/svenfuchs/safemode
Events: Introduced

0The exact introduced commit is unknown

Last affected

e54f3a709532e19b82d53bf4df3a519e6938fdf7

Affected versions

v1.*

v1.0.1

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.3.0

v1.3.1

v1.3.2