Phusion Passenger uses a known /tmp filename · CVE-2016-10345 · GitHub Advisory Database · GitHub

Phusion Passenger uses a known /tmp filename

High severity GitHub Reviewed Published Aug 21, 2018 to the GitHub Advisory Database • Updated Jun 9, 2023

Package

passenger (RubyGems)

Affected versions

< 5.1.0

Patched versions

5.1.0

Description

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user

References

Published to the GitHub Advisory Database Aug 21, 2018

Reviewed Jun 16, 2020

Last updated Jun 9, 2023

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H