Description
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8
Scores
CVSS v3
5.3
EPSS
0.0020
EPSS Percentile
41.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-732
Status
published
Products (2)
phusion/passenger
< 5.3.2
rubygems/passenger
0 - 5.3.2RubyGems
Published
Jun 21, 2018
Tracked Since
Feb 18, 2026