PT-2018-10949 · Phusion · Phusion Passenger

Publicado

2018-06-17

·

Atualizado

2022-05-14

·

CVE-2018-12026

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Phusion Passenger versions 5.3.x through 5.3.1
Description The issue allows malicious Passenger-managed applications to replace key files or directories in the spawning communication directory with symlinks during the spawning process. This can result in arbitrary reads and writes, leading to information disclosure and privilege escalation.
Recommendations For Phusion Passenger versions 5.3.x through 5.3.1, update to version 5.3.2 or later to resolve the issue.

Exploit

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

CVE-2018-12026
GHSA-7CV3-GVMC-8MQ5
OPENSUSE-SU-2024:11341-1

Produtos afetados

Phusion Passenger