Platform
ruby
Component
passenger
Fixed in
4.0.38
CVE-2014-1831 describes a symlink vulnerability affecting Phusion Passenger versions up to 4.0.8. This flaw allows a local attacker to potentially write to sensitive files and directories by exploiting symlink manipulation. The vulnerability was published in 2018 and a fix is available in version 4.0.38. Mitigation strategies involve restricting file permissions and monitoring for suspicious symlink activity.
The primary impact of CVE-2014-1831 lies in the potential for unauthorized file modification. A successful attacker, already possessing local access to the system, can leverage the symlink vulnerability to overwrite critical configuration files or application code within directories normally protected. This could lead to denial of service, privilege escalation, or even remote code execution if the overwritten files are subsequently executed. While the vulnerability is classified as LOW severity, the ease of exploitation and potential for disruption make it a concern, particularly in environments with lax file permission controls.
CVE-2014-1831 is not currently listed on KEV or EPSS. The LOW CVSS score suggests a low probability of active exploitation. Public proof-of-concept (POC) code is not widely available, which further reduces the immediate risk. The vulnerability was published in 2018, indicating it has been known for a significant period.
Exploit Status
EPSS
0.07% (21% percentile)
The recommended mitigation for CVE-2014-1831 is to upgrade Phusion Passenger to version 4.0.38 or later, which contains the fix. If an immediate upgrade is not feasible, consider implementing stricter file permission controls to limit the impact of a successful symlink attack. Specifically, ensure that the control_process.pid and generation-* files are not writable by users other than the Passenger process owner. Regularly audit file permissions and monitor system logs for suspicious symlink creation or modification attempts. There are no specific WAF rules or detection signatures readily available for this vulnerability.
No official patch available. Check for workarounds or monitor for updates.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2014-1831 is a vulnerability in Phusion Passenger versions up to 4.0.8 that allows a local attacker to write to restricted directories via a symlink attack on control_process.pid or generation-* files. Severity pending CVSS score update.
You are affected if you are running Phusion Passenger versions 4.0.8 or earlier. Upgrade to 4.0.38 or later to mitigate the risk.
Upgrade Phusion Passenger to version 4.0.38 or later. As a temporary workaround, restrict file permissions on control_process.pid and generation-* files.
There is no widespread evidence of active exploitation of CVE-2014-1831. Public POCs are limited, and it is not listed on KEV or EPSS.
Refer to the Phusion Passenger security advisory for details: https://www.phusionpassenger.com/security/advisories/CVE-2014-1831
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your Gemfile.lock file and we'll tell you instantly if you're affected.