CyberSec.Space Logo
Back to CVE Browser

CVE-2016-10345

HIGH
7.8
CVSS Severity Score
EPSS Score0.1140%
EPSS Percentile25.58th
PublishedApr 18, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

Affected Platforms (CPE)

πŸ“¦
Phusion

Passenger

<= 5.0.30

References & Advisories

πŸ”— https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG
πŸ”— https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
πŸ”— https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG
πŸ”— https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441

Related Vulnerabilities

CVE-2018-120269.8

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such ...

CVE-2018-120278.8

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the ...

CVE-2018-120287.8

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malici...

CVE-2012-61357.5

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.