Description

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.

Remediation

References

CVE-2017-16355

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35474)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-25644)

IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2016-9707)

MySQL CVE-2019-2991 Vulnerability (CVE-2019-2991)

WordPress Plugin Mail Masta Multiple SQL Injection Vulnerabilities (1.0)

Severity

Medium

Classification

CVE-2017-16355 CWE-200 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities