Vulnerability Details CVE-2017-7540
rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2017-7540
-
cpe:2.3:a:safemode_project:safemode:0.0.1
-
cpe:2.3:a:safemode_project:safemode:0.0.2
-
cpe:2.3:a:safemode_project:safemode:1.0.0
-
cpe:2.3:a:safemode_project:safemode:1.0.1
-
cpe:2.3:a:safemode_project:safemode:1.0.2
-
cpe:2.3:a:safemode_project:safemode:1.1.0
-
cpe:2.3:a:safemode_project:safemode:1.2.0
-
cpe:2.3:a:safemode_project:safemode:1.2.1
-
cpe:2.3:a:safemode_project:safemode:1.2.2
-
cpe:2.3:a:safemode_project:safemode:1.2.3
-
cpe:2.3:a:safemode_project:safemode:1.2.4
-
cpe:2.3:a:safemode_project:safemode:1.2.5
-
cpe:2.3:a:safemode_project:safemode:1.3.1
-
cpe:2.3:a:safemode_project:safemode:1.3.2