An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
Metrics
Affected Vendors & Products
References
History
Wed, 21 Aug 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:rhel_e4s:9.0 |
MITRE
Status: PUBLISHED
Assigner: PSF
Published: 2024-03-19T15:44:28.989Z
Updated: 2024-08-02T08:35:14.863Z
Reserved: 2023-12-07T20:59:23.246Z
Link: CVE-2023-6597
Vulnrichment
Updated: 2024-08-02T08:35:14.863Z
NVD
Status : Awaiting Analysis
Published: 2024-03-19T16:15:08.743
Modified: 2024-06-10T18:15:24.760
Link: CVE-2023-6597
Redhat