Skip to main content

Passenger CVE-2013-2119

MEDIUM
Permissions, Privileges, and Access Controls (CWE-264)
2014-01-03 secalert@redhat.com
4.6
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Local
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Jan 03, 2014 - 18:54 cve.org
MEDIUM 4.6

DescriptionCVE.org

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

AnalysisAI

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config". Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-264. Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem. Affected products include: Phusion Passenger, Redhat Openshift. Version information: before 3.0.21.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-12026 CRITICAL
9.8 Jun 17

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 al

CVE-2018-12027 HIGH
8.8 Jun 17

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosu

CVE-2016-10345 HIGH
7.8 Apr 18

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which

CVE-2018-12028 HIGH
7.8 Jun 17

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-mana

CVE-2018-12029 HIGH
7.0 Jun 17

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privil

CVE-2025-26803 MEDIUM
5.3 Feb 24

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a

CVE-2018-12615 MEDIUM
5.3 Jun 21

An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. Rated

CVE-2017-16355 MEDIUM
4.7 Dec 14

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Ent

CVE-2013-4136 MEDIUM
4.4 Sep 30

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or p

CVE-2014-1832 LOW
2.1 Feb 19

Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) contro

CVE-2014-1831 LOW
2.1 Feb 19

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1)

Share

CVE-2013-2119 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy