Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-6hub-g2ja-afaw
Vulnerability ID VCID-6hub-g2ja-afaw
Aliases CVE-2016-3693
GHSA-c92m-rrrc-q5wf
Summary Information disclosure vulnerability safemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-20 Improper Input Validation
System Score Found at
cvssv3.1 8.1 http://projects.theforeman.org/issues/14635
generic_textual HIGH http://projects.theforeman.org/issues/14635
cvssv3.1 8.1 http://rubysec.com/advisories/CVE-2016-3693
generic_textual HIGH http://rubysec.com/advisories/CVE-2016-3693
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2018:0336
generic_textual HIGH https://access.redhat.com/errata/RHSA-2018:0336
cvssv3 3.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json
epss 0.00728 https://api.first.org/data/v1/epss?cve=CVE-2016-3693
epss 0.00728 https://api.first.org/data/v1/epss?cve=CVE-2016-3693
epss 0.00728 https://api.first.org/data/v1/epss?cve=CVE-2016-3693
epss 0.00728 https://api.first.org/data/v1/epss?cve=CVE-2016-3693
epss 0.00728 https://api.first.org/data/v1/epss?cve=CVE-2016-3693
epss 0.00728 https://api.first.org/data/v1/epss?cve=CVE-2016-3693
epss 0.00728 https://api.first.org/data/v1/epss?cve=CVE-2016-3693
epss 0.00728 https://api.first.org/data/v1/epss?cve=CVE-2016-3693
epss 0.00728 https://api.first.org/data/v1/epss?cve=CVE-2016-3693
cvssv3 8.1 http://seclists.org/oss-sec/2016/q2/119
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-c92m-rrrc-q5wf
cvssv3.1 8.1 https://github.com/svenfuchs/safemode
generic_textual HIGH https://github.com/svenfuchs/safemode
cvssv3.1 8.1 https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f
generic_textual HIGH https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f
cvssv3.1 8.1 https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2
generic_textual HIGH https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2016-3693
cvssv3 8.1 https://nvd.nist.gov/vuln/detail/CVE-2016-3693
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2016-3693
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2016-3693
cvssv3.1 8.1 http://theforeman.org/security.html#2016-3693
generic_textual HIGH http://theforeman.org/security.html#2016-3693
cvssv3.1 8.1 http://www.openwall.com/lists/oss-security/2016/04/20/8
generic_textual HIGH http://www.openwall.com/lists/oss-security/2016/04/20/8
Reference id Reference type URL
http://projects.theforeman.org/issues/14635
http://rubysec.com/advisories/CVE-2016-3693
https://access.redhat.com/errata/RHSA-2018:0336
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json
https://api.first.org/data/v1/epss?cve=CVE-2016-3693
http://seclists.org/oss-sec/2016/q2/119
https://github.com/svenfuchs/safemode
https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f
https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2
http://theforeman.org/security.html#2016-3693
http://www.openwall.com/lists/oss-security/2016/04/20/8
1327471 https://bugzilla.redhat.com/show_bug.cgi?id=1327471
cpe:2.3:a:safemode_project:safemode:*:*:*:*:*:ruby:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:safemode_project:safemode:*:*:*:*:*:ruby:*:*
CVE-2016-3693 http://rubysec.com/advisories/CVE-2016-3693/
CVE-2016-3693 https://nvd.nist.gov/vuln/detail/CVE-2016-3693
GHSA-c92m-rrrc-q5wf https://github.com/advisories/GHSA-c92m-rrrc-q5wf
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://projects.theforeman.org/issues/14635
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rubysec.com/advisories/CVE-2016-3693
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2018:0336
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/svenfuchs/safemode
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2016-3693
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-3693
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-3693
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://theforeman.org/security.html#2016-3693
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2016/04/20/8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.7257
EPSS Score 0.00728
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:47:03.340842+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/safemode/CVE-2016-3693.yml 38.0.0