GHSA-cqxw-3p7v-p9gr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cqxw-3p7v-p9gr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-cqxw-3p7v-p9gr/GHSA-cqxw-3p7v-p9gr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-cqxw-3p7v-p9gr
- Aliases
- Published
- 2018-08-21T17:08:03Z
- Modified
- 2024-12-08T05:22:56.094321Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Phusion Passenger uses a known /tmp filename
- Details
-
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:32:32Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-10345
- https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
- https://blog.phusion.nl/2017/01/10/passenger-5-1-1
- https://github.com/advisories/GHSA-cqxw-3p7v-p9gr
- https://github.com/phusion/passenger
- https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2016-10345.yml
Affected packages
RubyGems / passenger
Package
- Name
- passenger
- Purl
- pkg:gem/passenger
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.1.0
Affected versions
1.*
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
2.*
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.1.2
2.1.3
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
3.*
3.0.0.pre1
3.0.0.pre2
3.0.0.pre3
3.0.0.pre4
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.17
3.0.18
3.0.19
3.0.21
3.9.1.beta
3.9.2.beta
4.*
4.0.0.rc4
4.0.0.rc6
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.10
4.0.13
4.0.14
4.0.16
4.0.17
4.0.18
4.0.19
4.0.20
4.0.21
4.0.23
4.0.24
4.0.25
4.0.26
4.0.27
4.0.28
4.0.29
4.0.30
4.0.31
4.0.32
4.0.33
4.0.34
4.0.35
4.0.36
4.0.37
4.0.38
4.0.39
4.0.40
4.0.41
4.0.42
4.0.43
4.0.44
4.0.45
4.0.46
4.0.48
4.0.49
4.0.50
4.0.51
4.0.52
4.0.53
4.0.55
4.0.56
4.0.57
4.0.58
4.0.59
4.0.60
5.*
5.0.0.beta1
5.0.0.beta2
5.0.0.beta3
5.0.0.rc1
5.0.0.rc2
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.13
5.0.14
5.0.15
5.0.16
5.0.17
5.0.18
5.0.19
5.0.20
5.0.21
5.0.22
5.0.23
5.0.24
5.0.25
5.0.26
5.0.27
5.0.28
5.0.29
5.0.30