Rapid7’s 2026 Global Cybersecurity Summit is now available on-demand.Watch sessions.
Rapid7

vulnerability

Amazon Linux AMI 2: CVE-2023-6597: Security patch for python3, python38 (Multiple Advisories)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:N)
Published
Mar 19, 2024
Added
May 16, 2024
Modified
May 20, 2026

Description

An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

Solutions

amazon-linux-ami-2-upgrade-python3amazon-linux-ami-2-upgrade-python3-debugamazon-linux-ami-2-upgrade-python3-debuginfoamazon-linux-ami-2-upgrade-python3-develamazon-linux-ami-2-upgrade-python3-libsamazon-linux-ami-2-upgrade-python3-testamazon-linux-ami-2-upgrade-python3-tkinteramazon-linux-ami-2-upgrade-python3-toolsamazon-linux-ami-2-upgrade-python38amazon-linux-ami-2-upgrade-python38-debugamazon-linux-ami-2-upgrade-python38-debuginfoamazon-linux-ami-2-upgrade-python38-develamazon-linux-ami-2-upgrade-python38-libsamazon-linux-ami-2-upgrade-python38-testamazon-linux-ami-2-upgrade-python38-tkinteramazon-linux-ami-2-upgrade-python38-tools

References

Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report