Lucene search
PRIOn knowledge basePRION:CVE-2018-12027HistoryJun 17, 2018 - 8:29 p.m.
Information disclosure
2018-06-1720:29:00
PRIOn knowledge base
www.prio-n.com
7
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application’s user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user’s process through an alternative Unix domain socket.
Related
osv
osv
CVE-2018-12027
2018-06-17 20:29:00
Insecure Permissions in Phusion Passenger
2022-05-13 01:49:24
github
github
Insecure Permissions in Phusion Passenger
2022-05-13 01:49:24
nvd
nvd
CVE-2018-12027
2018-06-17 20:29:00
cve
cve
CVE-2018-12027
2018-06-17 20:29:00
redhatcve
redhatcve
CVE-2018-12027
2018-06-19 01:20:31
cvelist
cvelist
CVE-2018-12027
2018-06-17 20:00:00
veracode
veracode
Information Disclosure
2018-06-18 04:55:26
debiancve
debiancve
CVE-2018-12027
2018-06-17 20:29:00
ubuntucve
ubuntucve
CVE-2018-12027
2018-06-17 00:00:00
gentoo
gentoo
Passenger: Multiple Vulnerabilities
2018-07-22 00:00:00
nessus
nessus
GLSA-201807-02 : Passenger: Multiple Vulnerabilities
2018-07-23 00:00:00