Описание
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.3 | ruby193-rubygem-passenger | Not affected | ||
| Red Hat Ceph Storage 1.3 | rubygem-passenger | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | ruby193-rubygem-passenger | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | rubygem-passenger | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | ruby-193-rubygem-passenger | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | ruby200-rubygem-passenger | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | rubygem-passenger | Will not fix | ||
| Red Hat Satellite 6 | ruby193-rubygem-passenger | Not affected | ||
| Red Hat Satellite 6 | rubygem-passenger | Not affected | ||
| Red Hat Software Collections | rh-passenger40-passenger | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1445306passenger: File overwrite vulnerability in passenger-install-nginx-module
EPSS
Процентиль: 20%
0.00064
Низкий
5.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 7.8
ubuntu
почти 9 лет назад
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
CVSS3: 7.8
nvd
почти 9 лет назад
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
CVSS3: 7.8
debian
почти 9 лет назад
In Phusion Passenger before 5.1.0, a known /tmp filename was used duri ...
EPSS
Процентиль: 20%
0.00064
Низкий
5.5 Medium
CVSS3