← Volver a CVEs
CVE-2017-7540
N/ADescripcion
rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado7/21/2017
Ultima modificacion4/20/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
safemode_project:safemode
Debilidades (CWE)
CWE-184
Referencias
https://github.com/svenfuchs/safemode/pull/23(secalert@redhat.com)
https://github.com/svenfuchs/safemode/pull/23(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.