PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2018-10545

An issue was discovered in PHP before 5.6.35 7.0.x before 7.0.29 7.1.x before 7.1.16 and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user39s PHP applications by running gcore on the PID of the PHP-FPM worker process.