An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
Metrics
Affected Vendors & Products
References
History
Tue, 05 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Python Software Foundation
Python Software Foundation cpython |
|
CPEs | cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:* | |
Vendors & Products |
Python Software Foundation
Python Software Foundation cpython |
|
Metrics |
ssvc
|
Wed, 21 Aug 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:rhel_e4s:9.0 |
MITRE
Status: PUBLISHED
Assigner: PSF
Published: 2024-03-19T15:44:28.989Z
Updated: 2024-11-05T19:16:27.862Z
Reserved: 2023-12-07T20:59:23.246Z
Link: CVE-2023-6597
Vulnrichment
Updated: 2024-08-02T08:35:14.863Z
NVD
Status : Awaiting Analysis
Published: 2024-03-19T16:15:08.743
Modified: 2024-11-21T08:44:10.463
Link: CVE-2023-6597
Redhat