GHSA-4284-jfhc-f854

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4284-jfhc-f854/GHSA-4284-jfhc-f854.json
Aliases
  • CVE-2018-12615
Published
2022-05-13T01:49:37Z
Modified
2022-06-17T21:30:26.385287Z
Details

An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.

References

Affected packages

RubyGems / passenger

passenger

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
5.3.2

Affected versions

1.*

1.0.1
1.0.2
1.0.3
1.0.4
1.0.5

2.*

2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.1.2
2.1.3
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9

3.*

3.0.0
3.0.0.pre1
3.0.0.pre2
3.0.0.pre3
3.0.0.pre4
3.0.1
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.17
3.0.18
3.0.19
3.0.2
3.0.21
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.9.1.beta
3.9.2.beta

4.*

4.0.0.rc4
4.0.0.rc6
4.0.1
4.0.10
4.0.13
4.0.14
4.0.16
4.0.17
4.0.18
4.0.19
4.0.2
4.0.20
4.0.21
4.0.23
4.0.24
4.0.25
4.0.26
4.0.27
4.0.28
4.0.29
4.0.3
4.0.30
4.0.31
4.0.32
4.0.33
4.0.34
4.0.35
4.0.36
4.0.37
4.0.38
4.0.39
4.0.4
4.0.40
4.0.41
4.0.42
4.0.43
4.0.44
4.0.45
4.0.46
4.0.48
4.0.49
4.0.5
4.0.50
4.0.51
4.0.52
4.0.53
4.0.55
4.0.56
4.0.57
4.0.58
4.0.59
4.0.6
4.0.60
4.0.7
4.0.8

5.*

5.0.0.beta1
5.0.0.beta2
5.0.0.beta3
5.0.0.rc1
5.0.0.rc2
5.0.1
5.0.10
5.0.11
5.0.13
5.0.14
5.0.15
5.0.16
5.0.17
5.0.18
5.0.19
5.0.2
5.0.20
5.0.21
5.0.22
5.0.23
5.0.24
5.0.25
5.0.26
5.0.27
5.0.28
5.0.29
5.0.3
5.0.30
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.1.0
5.1.1
5.1.10
5.1.11
5.1.12
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.1.8
5.1.9
5.2.0
5.2.1
5.2.2
5.2.3
5.3.0
5.3.1