Description
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
Remediation
References
Related Vulnerabilities
OpenVPN AS Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2020-36382)
WordPress Plugin SAM Pro (Free Edition) Local File Inclusion (1.9.6.67)
WordPress Plugin PlanSo Forms Cross-Site Scripting (2.6.3)
WordPress Plugin Tickera-WordPress Event Ticketing Cross-Site Scripting (3.4.8.2)
WordPress Plugin Download Manager Cross-Site Scripting (3.2.42)