Published: 17/06/2018 Updated: 03/10/2019

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x prior to 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phusion passenger

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 53x before 532 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not t ...

CWE-200 CWE-732 https://blog.phusion.nl/passenger-5-3-2 https://security.gentoo.org/glsa/201807-02 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2018-12027

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-12027

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect