Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-12028

Опубликовано: 17 июн. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 7.8

Описание

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

code not present
cosmic

ignored

end of life
devel

not-affected

6.0.10-3build1
disco

ignored

end of life
eoan

ignored

end of life
esm-apps/bionic

not-affected

code not present
esm-apps/focal

not-affected

code not present
esm-apps/jammy

not-affected

6.0.10-3build1
esm-apps/xenial

not-affected

code not present

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was needs-triage]
esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 39%
0.00175
Низкий

6.8 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-12028

CVSS3: 4.7
redhat
больше 7 лет назад

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.

nvd логотип

CVE-2018-12028

CVSS3: 7.8
nvd
больше 7 лет назад

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.

debian логотип

CVE-2018-12028

CVSS3: 7.8
debian
больше 7 лет назад

An Incorrect Access Control vulnerability in SpawningKit in Phusion Pa ...

github логотип

GHSA-jjhj-8gx7-x836

CVSS3: 7.8
github
больше 3 лет назад

Incorrect Access Control in Phusion Passenger

EPSS

Процентиль: 39%
0.00175
Низкий

6.8 Medium

CVSS2

7.8 High

CVSS3

Уязвимость CVE-2018-12028