CVE-2018-12028 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-12028 Interim 1 27 2023-06-26T00:03:02Z current 2021-05-30T14:13:56Z 2023-06-26T00:03:02Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-12028 An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Lifecycle Management Server 1.3 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Studio Onsite 1.3 ruby2.1-rubygem-passenger rubygem-passenger rubygem-passenger-apache2 rubygem-passenger as a component of SUSE Lifecycle Management Server 1.3 ruby2.1-rubygem-passenger as a component of SUSE Linux Enterprise Module for Containers 12 rubygem-passenger as a component of SUSE Linux Enterprise Module for Containers 12 rubygem-passenger-apache2 as a component of SUSE Linux Enterprise Module for Containers 12 rubygem-passenger as a component of SUSE Studio Onsite 1.3 An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID. CVE-2018-12028 SUSE Lifecycle Management Server 1.3:rubygem-passenger SUSE Linux Enterprise Module for Containers 12:ruby2.1-rubygem-passenger SUSE Linux Enterprise Module for Containers 12:rubygem-passenger SUSE Linux Enterprise Module for Containers 12:rubygem-passenger-apache2 SUSE Studio Onsite 1.3:rubygem-passenger critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H