Описание
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
Ссылки
- PatchRelease Notes
- Patch
- PatchRelease Notes
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.30 (включая)
cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00064
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
CVSS3: 7.8
ubuntu
почти 9 лет назад
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
CVSS3: 5.5
redhat
около 9 лет назад
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
CVSS3: 7.8
debian
почти 9 лет назад
In Phusion Passenger before 5.1.0, a known /tmp filename was used duri ...
EPSS
Процентиль: 20%
0.00064
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-264