CPE-B90B053F-1405-4FB8-A588-78D4D0C4B84F Detail

CPE Details

Phusion Passenger 3.9.0 Beta Open Source Edition

Vendor

phusion

Product

passenger

Version

3.9.0

Created

2019-10-24
16h11 +00:00

Modified

2019-10-24
16h11 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:phusion:passenger:3.9.0:beta:::open_source:::*

Informations

Vendor

phusion

Product

passenger

Version

3.9.0

Update

beta

Software Edition

open_source

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2018-12615	2018-06-21 15h00 +00:00	An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.	5.3	Medium
CVE-2018-12029	2018-06-17 18h00 +00:00	A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.	7	High
CVE-2016-10345	2017-04-18 20h00 +00:00	In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.	7.8	High
CVE-2014-1831	2015-02-19 14h00 +00:00	Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.	2.1
CVE-2014-1832	2015-02-19 14h00 +00:00	Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.	2.1
CVE-2013-4136	2013-09-30 19h00 +00:00	ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.	4.4

Phusion Passenger 3.9.0 Beta Open Source Edition

CPE Details

CPE Name: cpe:2.3:a:phusion:passenger:3.9.0:beta:*:*:open_source:*:*:*

Informations

Vendor

Product

Version

Update

Software Edition

Related CVE

CPE Name: cpe:2.3:a:phusion:passenger:3.9.0:beta:::open_source:::*