8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2018-12027

GHSA ID

GHSA-whfx-877c-5p28

EPSS Score

0.52016%

CWE

CWE-200

Published

5/13/2022

Updated

6/28/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-12027

CVE-2018-12027:
Insecure Permissions in Phusion Passenger

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2018-12027

GHSA ID

GHSA-whfx-877c-5p28

EPSS Score

0.52016%

CWE

CWE-200

Published

5/13/2022

Updated

6/28/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
passenger	rubygems	>= 5.3.0, < 5.3.2	5.3.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insecure directory permission handling in SpawningKit's process spawning logic. The Phusion blog explicitly mentions SpawningKit improvements including 'symlink-resistant I/O operations' and validation that sockets must be created within secure subdirectories. The CVE description directly implicates directory writability checks during socket path creation. While exact function names aren't provided in public advisories, the SpawningKit component's responsibility for instance directory/socket management and the described fixes (e.g., path validation, fchmod usage) strongly indicate vulnerabilities in these core directory/socket setup functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n Ins**ur* P*rmissions vuln*r**ility in Sp*wnin*Kit in P*usion P*ss*n**r *.*.x ***or* *.*.* **us*s in*orm*tion *is*losur* in t** *ollowin* situ*tion: *iv*n * P*ss*n**r-sp*wn** *ppli**tion pro**ss t**t r*ports t**t it list*ns on * **rt*in Unix *om*in

Reasoning

T** vuln*r**ility st*ms *rom ins**ur* *ir**tory p*rmission **n*lin* in Sp*wnin*Kit's `pro**ss` sp*wnin* lo*i*. T** P*usion *lo* *xpli*itly m*ntions Sp*wnin*Kit improv*m*nts in*lu*in* 'symlink-r*sist*nt I/O op*r*tions' *n* `v*li**tion` t**t so*k*ts mu

8.8

Basic Information

Concerned about an active attack path?

CVE-2018-12027: Insecure Permissions in Phusion Passenger

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2018-12027:
Insecure Permissions in Phusion Passenger

Vulnerability Intelligence
Miggo AI