Privilege Escalation via Known /tmp Filename in Phusion Passenger
CVE-2016-10345 · MEDIUM Severity
AV:L/AC:L/AU:N/C:P/I:P/A:P
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
Learn more about our Cis Benchmark Audit For Nginx.