Vulnerabilities > Phusion > Passenger > 5.0.27
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-21 | CVE-2018-12615 | Incorrect Permission Assignment for Critical Resource vulnerability in Phusion Passenger An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. | 5.0 |
| 2018-06-17 | CVE-2018-12029 | Race Condition vulnerability in multiple products A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. | 4.4 |
| 2017-12-14 | CVE-2017-16355 | Information Exposure vulnerability in multiple products In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml. | 1.2 |
| 2017-04-18 | CVE-2016-10345 | Permissions, Privileges, and Access Controls vulnerability in Phusion Passenger In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. | 4.6 |