Описание
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.3 | ruby193-rubygem-passenger | Will not fix | ||
| Red Hat Ceph Storage 1.3 | rubygem-passenger | Will not fix | ||
| Red Hat Satellite 6 | ruby193-rubygem-passeger | Not affected | ||
| Red Hat Satellite 6 | rubygem-passenger | Not affected | ||
| Red Hat Software Collections | rh-passenger40-passenger | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
4.7 Medium
CVSS3
Связанные уязвимости
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed ...
Уязвимость веб-сервера Phusion Passenger, связанная с возможностью создания символической ссылки между REVISION и произвольным файлом в системе, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
4.7 Medium
CVSS3