Lucene search
Redhat.comRH:CVE-2018-12026HistoryJun 19, 2018 - 1:20 a.m.
CVE-2018-12026
2018-06-1901:20:01
redhat.com
access.redhat.com
9
0.003 Low
EPSS
Percentile
70.9%
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.
Related
cve
cve
CVE-2018-12026
2018-06-17 20:29:00
veracode
veracode
Arbitrary File Read And Write
2020-06-08 00:22:15
nvd
nvd
CVE-2018-12026
2018-06-17 20:29:00
osv
osv
Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability
2022-05-14 01:27:14
CVE-2018-12026
2018-06-17 20:29:00
debiancve
debiancve
CVE-2018-12026
2018-06-17 20:29:00
prion
prion
Information disclosure
2018-06-17 20:29:00
github
github
Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability
2022-05-14 01:27:14
ubuntucve
ubuntucve
CVE-2018-12026
2018-06-17 00:00:00
cvelist
cvelist
CVE-2018-12026
2018-06-17 20:00:00
gentoo
gentoo
Passenger: Multiple Vulnerabilities
2018-07-22 00:00:00
nessus
nessus
GLSA-201807-02 : Passenger: Multiple Vulnerabilities
2018-07-23 00:00:00