Vulnerabilities > Phusion > Passenger > 4.0.36

DATE CVE VULNERABILITY TITLE RISK
2018-06-21 CVE-2018-12615 Incorrect Permission Assignment for Critical Resource vulnerability in Phusion Passenger
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2.
network
low complexity
phusion CWE-732
5.0
2018-06-17 CVE-2018-12029 Race Condition vulnerability in multiple products
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured.
4.4
2017-04-18 CVE-2016-10345 Permissions, Privileges, and Access Controls vulnerability in Phusion Passenger
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
local
low complexity
phusion CWE-264
4.6
2015-02-19 CVE-2014-1832 Incomplete Fix Insecure Temporary File Creation vulnerability in Ruby Phusion Passenger
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.
local
low complexity
phusion
2.1
2015-02-19 CVE-2014-1831 Unspecified vulnerability in Phusion Passenger
Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.
local
low complexity
phusion
2.1