Red Hat Bugzilla – Bug 1473243
CVE-2017-7540 rubygem-safemode: Bypassing the whitelist of safe commands via block_pass
Last modified: 2017-10-18 14:54:57 EDT
A vulnerability was found in rubygem-safemode, used e.g. in Foreman. It has been found that a user rendering a template (e.g. with the edit_templates permission) can bypass the safe mode restrictions through Ruby's block-pass syntax (passing a symbol as a block with &:method), which is not checked against the whitelist of safe commands. This can lead e.g. to deletion of objects for which the user does not have delete permissions, or possibly to privilege escalation.
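To make the bypass concrete, the following is an added illustrative example written for this page; it is not code from the safemode gem, Foreman, or Red Hat. It builds a toy whitelist checker over Ruby's built-in AST (RubyVM::AbstractSyntaxTree) and shows why a checker that only inspects explicit call nodes never sees the method named by a block-pass argument, then closes the gap by inspecting BLOCK_PASS nodes as well. The `Host` class, the `ALLOWED_METHODS` list and the sample templates are hypothetical and constructed for the demonstration; the checking logic is a stand-in for safemode's real parser, not its implementation.

```ruby
# Added illustrative example for this page (not code from the safemode gem
# or Foreman): a toy whitelist checker over Ruby's built-in AST, showing
# why a check that only inspects explicit call nodes misses the method
# named by a block-pass argument (&:method), and how to close the gap.

# Hypothetical whitelist of methods a template may invoke. `hosts` is
# listed because a bare identifier parses as a VCALL before evaluation.
ALLOWED_METHODS = %i[hosts each map name].freeze

# Hypothetical stand-in for a model the template can reach; `destroy` is
# the kind of method the whitelist is meant to keep out of reach.
class Host
  attr_reader :name
  def initialize(name)
    @name = name
    @destroyed = false
  end
  def destroyed?; @destroyed; end
  def destroy; @destroyed = true; end
end

AstNode = RubyVM::AbstractSyntaxTree::Node

# Collect every method name an explicit call node would invoke.
def explicit_calls(node, acc = [])
  return acc unless node.is_a?(AstNode)
  case node.type
  when :CALL, :OPCALL, :QCALL, :ATTRASGN then acc << node.children[1]
  when :FCALL, :VCALL then acc << node.children[0]
  end
  node.children.each { |child| explicit_calls(child, acc) }
  acc
end

# Collect the method names implied by block-pass arguments. `&:destroy`
# is compiled as a BLOCK_PASS whose body is a symbol literal; at runtime
# Symbol#to_proc dispatches `destroy` on each element, but no call node
# for `destroy` ever appears in the tree. A block pass whose body is not
# a plain symbol literal (a variable, a method call, ...) is recorded
# under a name that can never be whitelisted, so the caller rejects it.
def block_pass_calls(node, acc = [])
  return acc unless node.is_a?(AstNode)
  if node.type == :BLOCK_PASS
    body = node.children.last
    # symbol literals are :LIT nodes before Ruby 3.4 and :SYM nodes from 3.4 on
    literal = body.is_a?(AstNode) && %i[LIT SYM].include?(body.type)
    sym = literal ? body.children.first : nil
    acc << (sym.is_a?(Symbol) ? sym : :"<non-literal block pass>")
  end
  node.children.each { |child| block_pass_calls(child, acc) }
  acc
end

# Returns true when every method the template could invoke is whitelisted.
# With inspect_block_pass: false this is the flawed checker the bug
# describes; with true it also accounts for &:method arguments.
def template_safe?(src, inspect_block_pass:)
  ast = RubyVM::AbstractSyntaxTree.parse(src)
  names = explicit_calls(ast)
  names += block_pass_calls(ast) if inspect_block_pass
  (names - ALLOWED_METHODS).empty?
end

# Run a template against two constructed hosts if the flawed checker
# accepts it, and report how many of them were destroyed.
def destroyed_after_naive_check(src)
  hosts = [Host.new("alpha"), Host.new("beta")]
  eval(src, binding) if template_safe?(src, inspect_block_pass: false)
  hosts.count(&:destroyed?)
end

# Constructed sample templates.
BENIGN   = "hosts.map(&:name)".freeze            # accepted by both checkers
EXPLICIT = "hosts.each { |h| h.destroy }".freeze # rejected by both: `destroy` is a CALL node
BYPASS   = "hosts.each(&:destroy)".freeze        # slips past the flawed checker

if __FILE__ == $PROGRAM_NAME
  [BENIGN, EXPLICIT, BYPASS].each do |src|
    puts format("%-30s naive=%-5s hardened=%-5s destroyed=%d", src,
                template_safe?(src, inspect_block_pass: false),
                template_safe?(src, inspect_block_pass: true),
                destroyed_after_naive_check(src))
  end
end
```

The structural point is that a whitelist enforced on call nodes has to cover every path by which a method name can reach the interpreter; `&:sym` is such a path because Symbol#to_proc performs the dispatch at runtime, so the hardened checker treats the symbol behind a block pass exactly like an explicit call and rejects any block pass that is not a plain symbol literal.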
Name: Tomer Brisker (Red Hat)
ruby193-rubygem-safemode shipped in Red Hat Ceph Storage 1.3 is in Tech Preview and would be used only when installing Ceph with the Foreman installer. Installing Ceph via ceph-deploy does not use ruby193-rubygem-safemode.