CVE-2018-12615
First published: Thu Jun 21 2018(Updated: )
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phusion Passenger | <5.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-12615?
CVE-2018-12615 is a vulnerability in Phusion Passenger before version 5.3.2 that allows uninitialized memory to set supplementary groups, potentially leading to privilege escalation.
How does CVE-2018-12615 affect Phusion Passenger?
CVE-2018-12615 affects Phusion Passenger versions up to 5.3.2, potentially allowing unauthorized privilege escalation.
What is the severity of CVE-2018-12615?
The severity of CVE-2018-12615 is medium, with a severity value of 5.3.
How can I fix CVE-2018-12615?
To fix CVE-2018-12615, upgrade to Phusion Passenger version 5.3.2 or later.
Is there any additional reference for CVE-2018-12615?
Yes, you can find more information about CVE-2018-12615 and the fix in the official GitHub repository of Phusion Passenger.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/phusion
- canonical/phusion passenger