Description
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
References (2)
Mitigation, Vendor Advisory (x_refsource_misc): https://blog.phusion.nl/passenger-5-3-2
Third Party Advisory, vendor-advisory (x_refsource_gentoo): https://security.gentoo.org/glsa/201807-02
Scores
CVSS v3: 8.8
EPSS: 0.0027
EPSS Percentile: 50.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-200, CWE-732
Status: published
Products (2)
phusion/passenger: 5.3.0 - 5.3.2
rubygems/passenger: 5.3.0 - 5.3.2 (RubyGems)
Published: Jun 17, 2018
Tracked Since: Feb 18, 2026