{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-6597", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "state": "PUBLISHED", "assignerShortName": "PSF", "dateReserved": "2023-12-07T20:59:23.246Z", "datePublished": "2024-03-19T15:44:28.989Z", "dateUpdated": "2024-11-05T19:16:27.862Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [{"version": "0", "lessThan": "3.8.19", "status": "affected", "versionType": "python"}, {"version": "3.9.0", "lessThan": "3.9.19", "status": "affected", "versionType": "python"}, {"version": "3.10.0", "lessThan": "3.10.14", "status": "affected", "versionType": "python"}, {"version": "3.11.0", "lessThan": "3.11.8", "status": "affected", "versionType": "python"}, {"version": "3.12.0", "lessThan": "3.12.1", "status": "affected", "versionType": "python"}, {"version": "3.13.0a1", "lessThan": "3.13.0a3", "status": "affected", "versionType": "python"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.<br><br>The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.<br>"}], "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2024-06-13T19:24:11.289Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a"}, {"tags": ["issue-tracking"], "url": "https://github.com/python/cpython/issues/91133"}, {"tags": ["vendor-advisory"], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "affected": [{"vendor": "python_software_foundation", "product": "cpython", "cpes": ["cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.8.19", "versionType": "custom"}, {"version": "3.9.0", "status": "affected", "lessThan": "3.9.19", "versionType": "custom"}, {"version": "3.10.0", "status": "affected", "lessThan": "3.10.14", "versionType": "custom"}, {"version": "3.11.0", "status": "affected", "lessThan": "3.11.8", "versionType": "custom"}, {"version": "3.12.0", "status": "affected", "lessThan": "3.12.1", "versionType": "custom"}, {"version": "3.13.0a1", "status": "affected", "lessThan": "3.13.0a3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-05T19:08:44.665083Z", "id": "CVE-2023-6597", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-05T19:16:27.862Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.863Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://github.com/python/cpython/issues/91133"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/20/5", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/python/cpython/issues/91133", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/20/5", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.863Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6597", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-05T19:08:44.665083Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"], "vendor": "python_software_foundation", "product": "cpython", "versions": [{"status": "affected", "version": "0", "lessThan": "3.8.19", "versionType": "custom"}, {"status": "affected", "version": "3.9.0", "lessThan": "3.9.19", "versionType": "custom"}, {"status": "affected", "version": "3.10.0", "lessThan": "3.10.14", "versionType": "custom"}, {"status": "affected", "version": "3.11.0", "lessThan": "3.11.8", "versionType": "custom"}, {"status": "affected", "version": "3.12.0", "lessThan": "3.12.1", "versionType": "custom"}, {"status": "affected", "version": "3.13.0a1", "lessThan": "3.13.0a3", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:42.571Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "product": "CPython", "versions": [{"status": "affected", "version": "0", "lessThan": "3.8.19", "versionType": "python"}, {"status": "affected", "version": "3.9.0", "lessThan": "3.9.19", "versionType": "python"}, {"status": "affected", "version": "3.10.0", "lessThan": "3.10.14", "versionType": "python"}, {"status": "affected", "version": "3.11.0", "lessThan": "3.11.8", "versionType": "python"}, {"status": "affected", "version": "3.12.0", "lessThan": "3.12.1", "versionType": "python"}, {"status": "affected", "version": "3.13.0a1", "lessThan": "3.13.0a3", "versionType": "python"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/issues/91133", "tags": ["issue-tracking"]}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/", "tags": ["vendor-advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n", "supportingMedia": [{"type": "text/html", "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.<br><br>The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.<br>", "base64": false}]}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2024-06-13T19:24:11.289Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6597", "state": "PUBLISHED", "dateUpdated": "2024-11-05T19:16:27.862Z", "dateReserved": "2023-12-07T20:59:23.246Z", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "datePublished": "2024-03-19T15:44:28.989Z", "assignerShortName": "PSF"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n"}, {"lang": "es", "value": "Se encontr\u00f3 un problema en la clase CPython `tempfile.TemporaryDirectory` que afecta a las versiones 3.12.2, 3.11.8, 3.10.13, 3.9.18 y 3.8.18 y anteriores. La clase tempfile.TemporaryDirectory eliminar\u00eda la referencia a enlaces simb\u00f3licos durante la limpieza de errores relacionados con permisos. Esto significa que los usuarios que pueden ejecutar programas privilegiados pueden modificar los permisos de los archivos a los que hacen referencia los enlaces simb\u00f3licos en algunas circunstancias."}], "id": "CVE-2023-6597", "lastModified": "2024-06-10T18:15:24.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.8, "source": "cna@python.org", "type": "Secondary"}]}, "published": "2024-03-19T16:15:08.743", "references": [{"source": "cna@python.org", "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/issues/91133"}, {"source": "cna@python.org", "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"}, {"source": "cna@python.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"}, {"source": "cna@python.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"}, {"source": "cna@python.org", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/"}], "sourceIdentifier": "cna@python.org", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:3347", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-62.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3466", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python39:3.9-8100020240516111311.d47b87a4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-29T00:00:00Z"}, {"advisory": "RHSA-2024:3466", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python39-devel:3.9-8100020240516111311.d47b87a4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-29T00:00:00Z"}, {"advisory": "RHSA-2024:4058", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3.11-0:3.11.9-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-24T00:00:00Z"}, {"advisory": "RHSA-2024:3347", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-62.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:4166", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "python3-0:3.6.8-24.el8_2.3", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:4456", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "python3-0:3.6.8-39.el8_4.5", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4456", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "python3-0:3.6.8-39.el8_4.5", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4456", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "python3-0:3.6.8-39.el8_4.5", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4406", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "python3-0:3.6.8-47.el8_6.6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4406", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "python3-0:3.6.8-47.el8_6.6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4406", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "python3-0:3.6.8-47.el8_6.6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:3391", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "python3-0:3.6.8-51.el8_8.6", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-05-28T00:00:00Z"}, {"advisory": "RHSA-2024:4370", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "python3.11-0:3.11.2-2.el8_8.3", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4077", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python3.11-0:3.11.7-1.el9_4.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-25T00:00:00Z"}, {"advisory": "RHSA-2024:4078", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python3.9-0:3.9.18-3.el9_4.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-25T00:00:00Z"}, {"advisory": "RHSA-2024:4078", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "python3.9-0:3.9.18-3.el9_4.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-25T00:00:00Z"}, {"advisory": "RHSA-2024:5689", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "python3.9-0:3.9.10-4.el9_0.4", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-21T00:00:00Z"}, {"advisory": "RHSA-2024:4896", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "python3.11-0:3.11.2-2.el9_2.4", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:5535", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "python3.9-0:3.9.16-1.el9_2.5", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:4865", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-router-rhel9:2.4.3-5", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4871", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-router-rhel9:2.5.3-2", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-07-25T00:00:00Z"}], "bugzilla": {"description": "python: Path traversal on tempfile.TemporaryDirectory", "id": "2276518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276518"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-61", "details": ["An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.", "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-6597", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gimp:flatpak/python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "inkscape:flatpak/python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python27:2.7/python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python3.12", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python36:3.6/python36", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "python3.12", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6597\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6597"], "statement": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.", "threat_severity": "Important"}