Privilege Escalation via Known /tmp Filename in Phusion Passenger

CVE-2016-10345 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

Learn more about our Cis Benchmark Audit For Nginx.