Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-12027

Опубликовано: 05 июн. 2018
Источник: redhat
CVSS3: 6.3
EPSS Низкий

Описание

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 1.3rubygem-passengerNot affected
Red Hat Satellite 6rubygem-passengerNot affected
Red Hat Update Infrastructure 3 for Cloud Providersrubygem-passengerNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1592619passenger: Insecure permissions in SpawningKit can allow for redirection of traffic under certain configurations

EPSS

Процентиль: 51%
0.00275
Низкий

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-12027

CVSS3: 8.8
ubuntu
больше 7 лет назад

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.

nvd логотип

CVE-2018-12027

CVSS3: 8.8
nvd
больше 7 лет назад

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.

debian логотип

CVE-2018-12027

CVSS3: 8.8
debian
больше 7 лет назад

An Insecure Permissions vulnerability in SpawningKit in Phusion Passen ...

github логотип

GHSA-whfx-877c-5p28

CVSS3: 8.8
github
больше 3 лет назад

Insecure Permissions in Phusion Passenger

EPSS

Процентиль: 51%
0.00275
Низкий

6.3 Medium

CVSS3