Predictable tmp File Path Vulnerability in Phusion Passenger
Published: November 09, 2016
SECURITY IDENTIFIERS
- CVE: CVE-2016-10345 (NVD)
- GHSA: GHSA-cqxw-3p7v-p9gr
- Vendor Advisory: https://blog.phusion.nl/2017/01/10/passenger-5-1-1/
GEM
SEVERITY
PATCHED VERSIONS
>= 5.1.0
DESCRIPTION
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
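
The bug class described above, shown from the defensive side as an added example. This is not Passenger's installer code. The file names and helper names are hypothetical, and the sample paths are constructed inside a private sandbox directory. It shows an exclusive, no-follow create that refuses a path someone else already occupies, and a private randomly named work directory as the preferred replacement for a fixed name under /tmp.

```ruby
require "tmpdir"

# Hardened create: O_EXCL makes creation atomic and fails if anything
# (regular file or symlink) already exists at the path; O_NOFOLLOW
# additionally refuses a symlink in the final path component.
def create_scratch_file(path, data = "build output\n")
  flags = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
  File.open(path, flags, 0o600) { |f| f.write(data) }
  :created
rescue Errno::EEXIST, Errno::ELOOP
  :refused
end

# Preferred pattern: a work directory with an unpredictable name and
# mode 0700, removed when the block exits.
def with_private_workdir(prefix = "installer-")
  Dir.mktmpdir(prefix) { |dir| yield dir }
end

# Constructed scenario: the sandbox stands in for a shared temp directory,
# and "known-name" is a hypothetical fixed filename, not the real one.
def demo
  results = {}
  with_private_workdir do |sandbox|
    results[:dir_mode] = File.stat(sandbox).mode & 0o777

    other_file = File.join(sandbox, "other-users-file")
    File.write(other_file, "original\n")

    # The fixed path is already occupied by a symlink before we run.
    fixed = File.join(sandbox, "known-name")
    File.symlink(other_file, fixed)

    results[:occupied] = create_scratch_file(fixed)
    results[:other_file_intact] = File.read(other_file) == "original\n"

    # A path nobody has claimed is created normally with mode 0600.
    fresh = File.join(sandbox, "fresh-name")
    results[:fresh] = create_scratch_file(fresh)
    results[:fresh_mode] = File.stat(fresh).mode & 0o777
  end
  results
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

A plain `File.write` on the fixed path would have followed the symlink and overwritten the other file; the exclusive create returns `:refused` and leaves it untouched.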
