An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior.
The `tempfile.TemporaryDirectory` class would dereference symlinks during cleanup of permissions-related errors. This means users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
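
The difference between a permission-fixing cleanup step that follows symlinks and one that does not, as an added illustration (it is not CPython's code and not part of the advisory). The helper names `chmod_following`, `chmod_skip_symlink` and `demo` and the file layout are assumptions, and everything happens inside throwaway directories the script creates itself.

```python
import os
import shutil
import stat
import tempfile


def chmod_following(path, mode=0o700):
    """Dereferencing form: os.chmod follows a symlink to its target."""
    os.chmod(path, mode)
    return True


def chmod_skip_symlink(path, mode=0o700):
    """Hardened form: refuse to change permissions through a symlink.

    Check-then-chmod still leaves a race window; this illustrates the
    dereference only and is not a complete fix.
    """
    if os.path.islink(path):
        return False
    os.chmod(path, mode)
    return True


def demo():
    """Return (changed, mode after hardened call, mode after following call)."""
    outside = tempfile.mkdtemp(prefix="outside-")  # holds a file cleanup must not touch
    work = tempfile.mkdtemp(prefix="work-")        # stands in for the temporary directory
    try:
        target = os.path.join(outside, "target.txt")
        with open(target, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(target, 0o400)
        link = os.path.join(work, "entry")
        os.symlink(target, link)  # entry inside the temp dir pointing outside it

        def mode():
            return stat.S_IMODE(os.lstat(target).st_mode)

        changed = chmod_skip_symlink(link)
        after_hardened = mode()
        chmod_following(link)
        after_following = mode()
        return changed, after_hardened, after_following
    finally:
        shutil.rmtree(work, ignore_errors=True)
        shutil.rmtree(outside, ignore_errors=True)
```

The hardened helper leaves the outside file at its original mode, while the dereferencing helper rewrites it. Installing the updated packages listed below is the remediation.
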
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2 - Core | python3 | 2024-05-09 19:16 | ALAS2-2024-2541 |
Amazon Linux 2023 | python3.11 | 2024-05-09 17:16 | ALAS2023-2024-617 |
Amazon Linux 2023 | python3.9 | 2024-05-09 17:16 | ALAS2023-2024-616 |
Amazon Linux 1 | python38 | 2024-05-09 17:43 | ALAS-2024-1936 |
Amazon Linux 2 - Python3.8 Extra | python38 | 2024-05-23 23:02 | ALAS2PYTHON3.8-2024-011 |
Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N |
NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N |