CVE-2023-6597

Summary

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

Affected Software

VendorProductVersion RangeStatus
Python Software FoundationCPython0 < 3.8.19affected
Python Software FoundationCPython3.9.0 < 3.9.19affected
Python Software FoundationCPython3.10.0 < 3.10.14affected
Python Software FoundationCPython3.11.0 < 3.11.8affected
Python Software FoundationCPython3.12.0 < 3.12.1affected
Python Software FoundationCPython3.13.0a1 < 3.13.0a3affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References