Description
rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.
References
- Issue Tracking
- Issue Tracking
Vulnerable configurations
Configuration 1: versions up to and including 1.3.2
cpe:2.3:a:safemode_project:safemode:*:*:*:*:*:ruby:*:*
EPSS: 0.00289 (percentile: 52%), Low
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-184
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 7.5
redhat
more than 8 years ago
rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.
CVSS3: 9.8
github
more than 8 years ago
Safemode Gem Has Incomplete List of Disallowed Inputs