CPE Details
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:phusion:passenger:2.1.1:*:*:*:open_source:*:*:*
Informations
Vendor
phusionProduct
passengerVersion
2.1.1Software Edition
open_sourceRelated CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges. | 5.3 |
Medium |
||
| In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. | 7.8 |
High |
||
| Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. | 2.1 |
|||
| Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831. | 2.1 |
|||
| Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem. | 4.6 |
|||
| ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/. | 4.4 |
2025©
tesweb SA
