MEDIUM 5.3 RubyGems
Phusion Passenger incorrect permission assignment
GHSA-4284-jfhc-f854 · CVE-2018-12615
Published · Modified
Description
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
Ready to move
Start Securing
Free, no credit card | First findings in minutes