| |
Vulnerability CVE-2018-12615
Published: 2018-06-21
| Description: |
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges. |
Type:
CWE-732
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
