Lucene search
Redhat.comRH:CVE-2018-12027HistoryJun 19, 2018 - 1:20 a.m.
CVE-2018-12027
2018-06-1901:20:31
redhat.com
access.redhat.com
9
0.001 Low
EPSS
Percentile
34.0%
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application’s user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user’s process through an alternative Unix domain socket.
Related
osv
osv
CVE-2018-12027
2018-06-17 20:29:00
Insecure Permissions in Phusion Passenger
2022-05-13 01:49:24
prion
prion
Information disclosure
2018-06-17 20:29:00
github
github
Insecure Permissions in Phusion Passenger
2022-05-13 01:49:24
nvd
nvd
CVE-2018-12027
2018-06-17 20:29:00
veracode
veracode
Information Disclosure
2018-06-18 04:55:26
debiancve
debiancve
CVE-2018-12027
2018-06-17 20:29:00
ubuntucve
ubuntucve
CVE-2018-12027
2018-06-17 00:00:00
cve
cve
CVE-2018-12027
2018-06-17 20:29:00
cvelist
cvelist
CVE-2018-12027
2018-06-17 20:00:00
gentoo
gentoo
Passenger: Multiple Vulnerabilities
2018-07-22 00:00:00
nessus
nessus
GLSA-201807-02 : Passenger: Multiple Vulnerabilities
2018-07-23 00:00:00