Potential Security Risk in CPython's tempfile.TemporaryDirectory Class
CVE-2023-6597
7.8 HIGH
Summary
A vulnerability exists in the tempfile.TemporaryDirectory class of CPython that can be exploited by privileged users. During the cleanup process, the class erroneously dereferences symbolic links, leading to potential modification of file permissions for files that are referenced by these links. This issue affects multiple versions of CPython, potentially exposing sensitive data or system files to unauthorized access under specific conditions. Users running software that relies on these versions are encouraged to apply patches to mitigate the risk.
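The difference between a permission reset that dereferences a symbolic link and one that does not, as an added example (not CPython's code). The function names, the 0o700 mode and the file layout are assumptions made for this illustration, and a POSIX system is assumed.

```python
import os
import shutil
import stat
import tempfile


def reset_perms_following_links(path):
    # Weak form: os.chmod() dereferences a symlink by default, so the
    # mode change lands on whatever the link points to.
    os.chmod(path, 0o700)  # 0o700 is a value chosen for this demo


def reset_perms_no_follow(path):
    # Hardened form: lstat() inspects the entry itself; symlinks are skipped.
    # A race remains between lstat() and chmod(); where os.chmod is listed in
    # os.supports_follow_symlinks, follow_symlinks=False avoids that window.
    if stat.S_ISLNK(os.lstat(path).st_mode):
        return False
    os.chmod(path, 0o700)
    return True


def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    outside = tempfile.mkdtemp()  # stands in for a location outside the temp dir
    work = tempfile.mkdtemp()     # stands in for the directory being cleaned up
    try:
        target = os.path.join(outside, "target.txt")
        with open(target, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(target, 0o600)
        link = os.path.join(work, "link")
        os.symlink(target, link)

        changed = reset_perms_no_follow(link)   # link is skipped
        after_hardened = mode_of(target)        # target mode unchanged
        reset_perms_following_links(link)       # chmod goes through the link
        after_weak = mode_of(target)            # target mode modified
        return changed, after_hardened, after_weak
    finally:
        shutil.rmtree(work, ignore_errors=True)
        shutil.rmtree(outside, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```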
Affected Version(s)
CPython 0 < 3.8.19
CPython 3.9.0 < 3.9.19
CPython 3.10.0 < 3.10.14
References
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved