CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12615

An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.3%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

Products affected by CVE-2018-12615

Phusion » Passenger » Version: 1.0.0

cpe:2.3:a:phusion:passenger:1.0.0
Phusion » Passenger » Version: 1.0.1

cpe:2.3:a:phusion:passenger:1.0.1
Phusion » Passenger » Version: 1.0.2

cpe:2.3:a:phusion:passenger:1.0.2
Phusion » Passenger » Version: 1.0.3

cpe:2.3:a:phusion:passenger:1.0.3
Phusion » Passenger » Version: 1.0.4

cpe:2.3:a:phusion:passenger:1.0.4
Phusion » Passenger » Version: 1.0.5

cpe:2.3:a:phusion:passenger:1.0.5
Phusion » Passenger » Version: 1.9.0

cpe:2.3:a:phusion:passenger:1.9.0
Phusion » Passenger » Version: 1.9.1

cpe:2.3:a:phusion:passenger:1.9.1
Phusion » Passenger » Version: 2.0.1

cpe:2.3:a:phusion:passenger:2.0.1
Phusion » Passenger » Version: 2.0.2

cpe:2.3:a:phusion:passenger:2.0.2
Phusion » Passenger » Version: 2.0.3

cpe:2.3:a:phusion:passenger:2.0.3
Phusion » Passenger » Version: 2.0.4

cpe:2.3:a:phusion:passenger:2.0.4
Phusion » Passenger » Version: 2.0.5

cpe:2.3:a:phusion:passenger:2.0.5
Phusion » Passenger » Version: 2.0.6

cpe:2.3:a:phusion:passenger:2.0.6
Phusion » Passenger » Version: 2.1.1

cpe:2.3:a:phusion:passenger:2.1.1
Phusion » Passenger » Version: 2.1.2

cpe:2.3:a:phusion:passenger:2.1.2
Phusion » Passenger » Version: 2.1.3

cpe:2.3:a:phusion:passenger:2.1.3
Phusion » Passenger » Version: 2.2.0

cpe:2.3:a:phusion:passenger:2.2.0
Phusion » Passenger » Version: 2.2.1

cpe:2.3:a:phusion:passenger:2.2.1
Phusion » Passenger » Version: 2.2.10

cpe:2.3:a:phusion:passenger:2.2.10
Phusion » Passenger » Version: 2.2.11

cpe:2.3:a:phusion:passenger:2.2.11
Phusion » Passenger » Version: 2.2.12

cpe:2.3:a:phusion:passenger:2.2.12
Phusion » Passenger » Version: 2.2.13

cpe:2.3:a:phusion:passenger:2.2.13
Phusion » Passenger » Version: 2.2.14

cpe:2.3:a:phusion:passenger:2.2.14
Phusion » Passenger » Version: 2.2.15

cpe:2.3:a:phusion:passenger:2.2.15
Phusion » Passenger » Version: 2.2.2

cpe:2.3:a:phusion:passenger:2.2.2
Phusion » Passenger » Version: 2.2.3

cpe:2.3:a:phusion:passenger:2.2.3
Phusion » Passenger » Version: 2.2.4

cpe:2.3:a:phusion:passenger:2.2.4
Phusion » Passenger » Version: 2.2.5

cpe:2.3:a:phusion:passenger:2.2.5
Phusion » Passenger » Version: 2.2.6

cpe:2.3:a:phusion:passenger:2.2.6
Phusion » Passenger » Version: 2.2.7

cpe:2.3:a:phusion:passenger:2.2.7
Phusion » Passenger » Version: 2.2.8

cpe:2.3:a:phusion:passenger:2.2.8
Phusion » Passenger » Version: 2.2.9

cpe:2.3:a:phusion:passenger:2.2.9
Phusion » Passenger » Version: 3.0.0

cpe:2.3:a:phusion:passenger:3.0.0
Phusion » Passenger » Version: 3.0.1

cpe:2.3:a:phusion:passenger:3.0.1
Phusion » Passenger » Version: 3.0.10

cpe:2.3:a:phusion:passenger:3.0.10
Phusion » Passenger » Version: 3.0.11

cpe:2.3:a:phusion:passenger:3.0.11
Phusion » Passenger » Version: 3.0.12

cpe:2.3:a:phusion:passenger:3.0.12
Phusion » Passenger » Version: 3.0.13

cpe:2.3:a:phusion:passenger:3.0.13
Phusion » Passenger » Version: 3.0.14

cpe:2.3:a:phusion:passenger:3.0.14
Phusion » Passenger » Version: 3.0.15

cpe:2.3:a:phusion:passenger:3.0.15
Phusion » Passenger » Version: 3.0.16

cpe:2.3:a:phusion:passenger:3.0.16
Phusion » Passenger » Version: 3.0.17

cpe:2.3:a:phusion:passenger:3.0.17
Phusion » Passenger » Version: 3.0.18

cpe:2.3:a:phusion:passenger:3.0.18
Phusion » Passenger » Version: 3.0.19

cpe:2.3:a:phusion:passenger:3.0.19
Phusion » Passenger » Version: 3.0.2

cpe:2.3:a:phusion:passenger:3.0.2
Phusion » Passenger » Version: 3.0.20

cpe:2.3:a:phusion:passenger:3.0.20
Phusion » Passenger » Version: 3.0.21

cpe:2.3:a:phusion:passenger:3.0.21
Phusion » Passenger » Version: 3.0.3

cpe:2.3:a:phusion:passenger:3.0.3
Phusion » Passenger » Version: 3.0.4

cpe:2.3:a:phusion:passenger:3.0.4
Phusion » Passenger » Version: 3.0.5

cpe:2.3:a:phusion:passenger:3.0.5
Phusion » Passenger » Version: 3.0.6

cpe:2.3:a:phusion:passenger:3.0.6
Phusion » Passenger » Version: 3.0.7

cpe:2.3:a:phusion:passenger:3.0.7
Phusion » Passenger » Version: 3.0.8

cpe:2.3:a:phusion:passenger:3.0.8
Phusion » Passenger » Version: 3.0.9

cpe:2.3:a:phusion:passenger:3.0.9
Phusion » Passenger » Version: 3.9.0

cpe:2.3:a:phusion:passenger:3.9.0
Phusion » Passenger » Version: 3.9.1

cpe:2.3:a:phusion:passenger:3.9.1
Phusion » Passenger » Version: 3.9.2

cpe:2.3:a:phusion:passenger:3.9.2
Phusion » Passenger » Version: 3.9.3

cpe:2.3:a:phusion:passenger:3.9.3
Phusion » Passenger » Version: 3.9.4

cpe:2.3:a:phusion:passenger:3.9.4
Phusion » Passenger » Version: 3.9.5

cpe:2.3:a:phusion:passenger:3.9.5
Phusion » Passenger » Version: 4.0.0

cpe:2.3:a:phusion:passenger:4.0.0
Phusion » Passenger » Version: 4.0.1

cpe:2.3:a:phusion:passenger:4.0.1
Phusion » Passenger » Version: 4.0.10

cpe:2.3:a:phusion:passenger:4.0.10
Phusion » Passenger » Version: 4.0.11

cpe:2.3:a:phusion:passenger:4.0.11
Phusion » Passenger » Version: 4.0.12

cpe:2.3:a:phusion:passenger:4.0.12
Phusion » Passenger » Version: 4.0.13

cpe:2.3:a:phusion:passenger:4.0.13
Phusion » Passenger » Version: 4.0.14

cpe:2.3:a:phusion:passenger:4.0.14
Phusion » Passenger » Version: 4.0.15

cpe:2.3:a:phusion:passenger:4.0.15
Phusion » Passenger » Version: 4.0.16

cpe:2.3:a:phusion:passenger:4.0.16
Phusion » Passenger » Version: 4.0.17

cpe:2.3:a:phusion:passenger:4.0.17
Phusion » Passenger » Version: 4.0.18

cpe:2.3:a:phusion:passenger:4.0.18
Phusion » Passenger » Version: 4.0.19

cpe:2.3:a:phusion:passenger:4.0.19
Phusion » Passenger » Version: 4.0.2

cpe:2.3:a:phusion:passenger:4.0.2
Phusion » Passenger » Version: 4.0.20

cpe:2.3:a:phusion:passenger:4.0.20
Phusion » Passenger » Version: 4.0.21

cpe:2.3:a:phusion:passenger:4.0.21
Phusion » Passenger » Version: 4.0.22

cpe:2.3:a:phusion:passenger:4.0.22
Phusion » Passenger » Version: 4.0.23

cpe:2.3:a:phusion:passenger:4.0.23
Phusion » Passenger » Version: 4.0.24

cpe:2.3:a:phusion:passenger:4.0.24
Phusion » Passenger » Version: 4.0.25

cpe:2.3:a:phusion:passenger:4.0.25
Phusion » Passenger » Version: 4.0.26

cpe:2.3:a:phusion:passenger:4.0.26
Phusion » Passenger » Version: 4.0.27

cpe:2.3:a:phusion:passenger:4.0.27
Phusion » Passenger » Version: 4.0.28

cpe:2.3:a:phusion:passenger:4.0.28
Phusion » Passenger » Version: 4.0.29

cpe:2.3:a:phusion:passenger:4.0.29
Phusion » Passenger » Version: 4.0.3

cpe:2.3:a:phusion:passenger:4.0.3
Phusion » Passenger » Version: 4.0.30

cpe:2.3:a:phusion:passenger:4.0.30
Phusion » Passenger » Version: 4.0.31

cpe:2.3:a:phusion:passenger:4.0.31
Phusion » Passenger » Version: 4.0.32

cpe:2.3:a:phusion:passenger:4.0.32
Phusion » Passenger » Version: 4.0.33

cpe:2.3:a:phusion:passenger:4.0.33
Phusion » Passenger » Version: 4.0.34

cpe:2.3:a:phusion:passenger:4.0.34
Phusion » Passenger » Version: 4.0.35

cpe:2.3:a:phusion:passenger:4.0.35
Phusion » Passenger » Version: 4.0.36

cpe:2.3:a:phusion:passenger:4.0.36
Phusion » Passenger » Version: 4.0.37

cpe:2.3:a:phusion:passenger:4.0.37
Phusion » Passenger » Version: 4.0.38

cpe:2.3:a:phusion:passenger:4.0.38
Phusion » Passenger » Version: 4.0.39

cpe:2.3:a:phusion:passenger:4.0.39
Phusion » Passenger » Version: 4.0.4

cpe:2.3:a:phusion:passenger:4.0.4
Phusion » Passenger » Version: 4.0.40

cpe:2.3:a:phusion:passenger:4.0.40
Phusion » Passenger » Version: 4.0.41

cpe:2.3:a:phusion:passenger:4.0.41
Phusion » Passenger » Version: 4.0.42

cpe:2.3:a:phusion:passenger:4.0.42
Phusion » Passenger » Version: 4.0.43

cpe:2.3:a:phusion:passenger:4.0.43
Phusion » Passenger » Version: 4.0.44

cpe:2.3:a:phusion:passenger:4.0.44
Phusion » Passenger » Version: 4.0.45

cpe:2.3:a:phusion:passenger:4.0.45
Phusion » Passenger » Version: 4.0.46

cpe:2.3:a:phusion:passenger:4.0.46
Phusion » Passenger » Version: 4.0.47

cpe:2.3:a:phusion:passenger:4.0.47
Phusion » Passenger » Version: 4.0.48

cpe:2.3:a:phusion:passenger:4.0.48
Phusion » Passenger » Version: 4.0.49

cpe:2.3:a:phusion:passenger:4.0.49
Phusion » Passenger » Version: 4.0.5

cpe:2.3:a:phusion:passenger:4.0.5
Phusion » Passenger » Version: 4.0.50

cpe:2.3:a:phusion:passenger:4.0.50
Phusion » Passenger » Version: 4.0.51

cpe:2.3:a:phusion:passenger:4.0.51
Phusion » Passenger » Version: 4.0.52

cpe:2.3:a:phusion:passenger:4.0.52
Phusion » Passenger » Version: 4.0.53

cpe:2.3:a:phusion:passenger:4.0.53
Phusion » Passenger » Version: 4.0.54

cpe:2.3:a:phusion:passenger:4.0.54
Phusion » Passenger » Version: 4.0.55

cpe:2.3:a:phusion:passenger:4.0.55
Phusion » Passenger » Version: 4.0.56

cpe:2.3:a:phusion:passenger:4.0.56
Phusion » Passenger » Version: 4.0.57

cpe:2.3:a:phusion:passenger:4.0.57
Phusion » Passenger » Version: 4.0.58

cpe:2.3:a:phusion:passenger:4.0.58
Phusion » Passenger » Version: 4.0.59

cpe:2.3:a:phusion:passenger:4.0.59
Phusion » Passenger » Version: 4.0.6

cpe:2.3:a:phusion:passenger:4.0.6
Phusion » Passenger » Version: 4.0.60

cpe:2.3:a:phusion:passenger:4.0.60
Phusion » Passenger » Version: 4.0.7

cpe:2.3:a:phusion:passenger:4.0.7
Phusion » Passenger » Version: 4.0.8

cpe:2.3:a:phusion:passenger:4.0.8
Phusion » Passenger » Version: 4.0.9

cpe:2.3:a:phusion:passenger:4.0.9
Phusion » Passenger » Version: 5.0.0

cpe:2.3:a:phusion:passenger:5.0.0
Phusion » Passenger » Version: 5.0.1

cpe:2.3:a:phusion:passenger:5.0.1
Phusion » Passenger » Version: 5.0.10

cpe:2.3:a:phusion:passenger:5.0.10
Phusion » Passenger » Version: 5.0.11

cpe:2.3:a:phusion:passenger:5.0.11
Phusion » Passenger » Version: 5.0.12

cpe:2.3:a:phusion:passenger:5.0.12
Phusion » Passenger » Version: 5.0.13

cpe:2.3:a:phusion:passenger:5.0.13
Phusion » Passenger » Version: 5.0.14

cpe:2.3:a:phusion:passenger:5.0.14
Phusion » Passenger » Version: 5.0.15

cpe:2.3:a:phusion:passenger:5.0.15
Phusion » Passenger » Version: 5.0.16

cpe:2.3:a:phusion:passenger:5.0.16
Phusion » Passenger » Version: 5.0.17

cpe:2.3:a:phusion:passenger:5.0.17
Phusion » Passenger » Version: 5.0.18

cpe:2.3:a:phusion:passenger:5.0.18
Phusion » Passenger » Version: 5.0.19

cpe:2.3:a:phusion:passenger:5.0.19
Phusion » Passenger » Version: 5.0.2

cpe:2.3:a:phusion:passenger:5.0.2
Phusion » Passenger » Version: 5.0.20

cpe:2.3:a:phusion:passenger:5.0.20
Phusion » Passenger » Version: 5.0.21

cpe:2.3:a:phusion:passenger:5.0.21
Phusion » Passenger » Version: 5.0.22

cpe:2.3:a:phusion:passenger:5.0.22
Phusion » Passenger » Version: 5.0.23

cpe:2.3:a:phusion:passenger:5.0.23
Phusion » Passenger » Version: 5.0.24

cpe:2.3:a:phusion:passenger:5.0.24
Phusion » Passenger » Version: 5.0.25

cpe:2.3:a:phusion:passenger:5.0.25
Phusion » Passenger » Version: 5.0.26

cpe:2.3:a:phusion:passenger:5.0.26
Phusion » Passenger » Version: 5.0.27

cpe:2.3:a:phusion:passenger:5.0.27
Phusion » Passenger » Version: 5.0.28

cpe:2.3:a:phusion:passenger:5.0.28
Phusion » Passenger » Version: 5.0.29

cpe:2.3:a:phusion:passenger:5.0.29
Phusion » Passenger » Version: 5.0.3

cpe:2.3:a:phusion:passenger:5.0.3
Phusion » Passenger » Version: 5.0.30

cpe:2.3:a:phusion:passenger:5.0.30
Phusion » Passenger » Version: 5.0.4

cpe:2.3:a:phusion:passenger:5.0.4
Phusion » Passenger » Version: 5.0.5

cpe:2.3:a:phusion:passenger:5.0.5
Phusion » Passenger » Version: 5.0.6

cpe:2.3:a:phusion:passenger:5.0.6
Phusion » Passenger » Version: 5.0.7

cpe:2.3:a:phusion:passenger:5.0.7
Phusion » Passenger » Version: 5.0.8

cpe:2.3:a:phusion:passenger:5.0.8
Phusion » Passenger » Version: 5.0.9

cpe:2.3:a:phusion:passenger:5.0.9
Phusion » Passenger » Version: 5.1.0

cpe:2.3:a:phusion:passenger:5.1.0
Phusion » Passenger » Version: 5.1.1

cpe:2.3:a:phusion:passenger:5.1.1
Phusion » Passenger » Version: 5.1.10

cpe:2.3:a:phusion:passenger:5.1.10
Phusion » Passenger » Version: 5.1.11

cpe:2.3:a:phusion:passenger:5.1.11
Phusion » Passenger » Version: 5.1.12

cpe:2.3:a:phusion:passenger:5.1.12
Phusion » Passenger » Version: 5.1.2

cpe:2.3:a:phusion:passenger:5.1.2
Phusion » Passenger » Version: 5.1.3

cpe:2.3:a:phusion:passenger:5.1.3
Phusion » Passenger » Version: 5.1.4

cpe:2.3:a:phusion:passenger:5.1.4
Phusion » Passenger » Version: 5.1.5

cpe:2.3:a:phusion:passenger:5.1.5
Phusion » Passenger » Version: 5.1.6

cpe:2.3:a:phusion:passenger:5.1.6
Phusion » Passenger » Version: 5.1.7

cpe:2.3:a:phusion:passenger:5.1.7
Phusion » Passenger » Version: 5.1.8

cpe:2.3:a:phusion:passenger:5.1.8
Phusion » Passenger » Version: 5.1.9

cpe:2.3:a:phusion:passenger:5.1.9
Phusion » Passenger » Version: 5.2.0

cpe:2.3:a:phusion:passenger:5.2.0
Phusion » Passenger » Version: 5.2.1

cpe:2.3:a:phusion:passenger:5.2.1
Phusion » Passenger » Version: 5.2.2

cpe:2.3:a:phusion:passenger:5.2.2
Phusion » Passenger » Version: 5.2.3

cpe:2.3:a:phusion:passenger:5.2.3
Phusion » Passenger » Version: 5.3.0

cpe:2.3:a:phusion:passenger:5.3.0
Phusion » Passenger » Version: 5.3.1

cpe:2.3:a:phusion:passenger:5.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12615

Products

Pricing

Contact Us