4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
A race condition in the nginx module in Phusion Passenger 3.x through 5.x
before 5.3.2 allows local escalation of privileges when a non-standard
passenger_instance_registry_dir with insufficiently strict permissions is
configured. Replacing a file with a symlink after the file was created, but
before it was chowned, leads to the target of the link being chowned via
the path. Targeting sensitive files such as root’s crontab file allows
privilege escalation.
blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
blog.phusion.nl/passenger-5-3-2
launchpad.net/bugs/cve/CVE-2018-12029
nvd.nist.gov/vuln/detail/CVE-2018-12029
pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
security-tracker.debian.org/tracker/CVE-2018-12029
www.cve.org/CVERecord?id=CVE-2018-12029
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%