Vulnerabilities > Phusion > Passenger > 5.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-21 | CVE-2018-12615 | Incorrect Permission Assignment for Critical Resource vulnerability in Phusion Passenger An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. | 5.0 |
| 2018-06-17 | CVE-2018-12029 | Race Condition vulnerability in multiple products A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. | 4.4 |
| 2018-06-17 | CVE-2018-12028 | Incorrect Permission Assignment for Critical Resource vulnerability in Phusion Passenger 5.3.0/5.3.1 An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. | 6.8 |
| 2018-06-17 | CVE-2018-12027 | Information Exposure vulnerability in Phusion Passenger 5.3.0/5.3.1 An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket. | 6.5 |
| 2018-06-17 | CVE-2018-12026 | Link Following vulnerability in Phusion Passenger 5.3.0/5.3.1 During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. | 7.5 |