CVE-2018-12026

Опубликовано: 17 июн. 2018

Источник: ubuntu

Приоритет: medium

CVSS2: 7.5

CVSS3: 9.8

Описание

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	code not present
cosmic	ignored	end of life
devel	not-affected	6.0.10-3build1
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	6.0.10-3build1
esm-apps/xenial	not-affected	code not present

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needs-triage]
esm-infra/focal	DNE
focal	DNE
groovy	DNE

Показывать по

Ссылки на источники

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2018-12026

CVSS3: 7.1

redhat

больше 7 лет назад

CVE-2018-12026

CVSS3: 9.8

nvd

больше 7 лет назад

CVE-2018-12026

CVSS3: 9.8

debian

больше 7 лет назад

During the spawning of a malicious Passenger-managed application, Spaw ...

GHSA-7cv3-gvmc-8mq5

CVSS3: 9.8

github

больше 3 лет назад

Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability

7.5 High

CVSS2

9.8 Critical

CVSS3

CVE-2018-12026

Описание

Пакет passenger

Пакет ruby-passenger

Ссылки на источники

Связанные уязвимости