What the vulnerability does

01Description

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.

Key dates

02Disclosure timeline

July 21, 2017 CVE published
August 5, 2024 Record updated