vulnerability
Red Hat: CVE-2023-6597: python: Path traversal on tempfile.TemporaryDirectory (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
6 | (AV:L/AC:H/Au:N/C:C/I:C/A:N) | Mar 19, 2024 | May 24, 2024 | Mar 19, 2025 |
Severity
6
CVSS
(AV:L/AC:H/Au:N/C:C/I:C/A:N)
Published
Mar 19, 2024
Added
May 24, 2024
Modified
Mar 19, 2025
Description
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
Solution(s)
redhat-upgrade-cython-debugsourceredhat-upgrade-numpy-debugsourceredhat-upgrade-platform-pythonredhat-upgrade-platform-python-debugredhat-upgrade-platform-python-develredhat-upgrade-python-cffi-debugsourceredhat-upgrade-python-cryptography-debugsourceredhat-upgrade-python-lxml-debugsourceredhat-upgrade-python-psutil-debugsourceredhat-upgrade-python-psycopg2-debugsourceredhat-upgrade-python-unversioned-commandredhat-upgrade-python3redhat-upgrade-python3-11redhat-upgrade-python3-11-debugredhat-upgrade-python3-11-debuginforedhat-upgrade-python3-11-debugsourceredhat-upgrade-python3-11-develredhat-upgrade-python3-11-idleredhat-upgrade-python3-11-libsredhat-upgrade-python3-11-rpm-macrosredhat-upgrade-python3-11-testredhat-upgrade-python3-11-tkinterredhat-upgrade-python3-9-debuginforedhat-upgrade-python3-9-debugsourceredhat-upgrade-python3-debugredhat-upgrade-python3-debuginforedhat-upgrade-python3-debugsourceredhat-upgrade-python3-develredhat-upgrade-python3-idleredhat-upgrade-python3-libsredhat-upgrade-python3-testredhat-upgrade-python3-tkinterredhat-upgrade-python39redhat-upgrade-python39-attrsredhat-upgrade-python39-cffiredhat-upgrade-python39-cffi-debuginforedhat-upgrade-python39-chardetredhat-upgrade-python39-cryptographyredhat-upgrade-python39-cryptography-debuginforedhat-upgrade-python39-cythonredhat-upgrade-python39-cython-debuginforedhat-upgrade-python39-debugredhat-upgrade-python39-debuginforedhat-upgrade-python39-debugsourceredhat-upgrade-python39-develredhat-upgrade-python39-idleredhat-upgrade-python39-idnaredhat-upgrade-python39-iniconfigredhat-upgrade-python39-libsredhat-upgrade-python39-lxmlredhat-upgrade-python39-lxml-debuginforedhat-upgrade-python39-mod_wsgiredhat-upgrade-python39-more-itertoolsredhat-upgrade-python39-numpyredhat-upgrade-python39-numpy-debuginforedhat-upgrade-python39-numpy-docredhat-upgrade-python39-numpy-f2pyredhat-upgrade-python39-packagingredhat-upgrade-python39-pipredhat-upgrade-python39-pip-wheelredhat-upgrade-python39-pluggyredhat-upgrade-python39-plyredhat-upgrade-python39-psutilredhat-upgrade-python39-psutil-debuginforedhat-upgrade-python39-psycopg2redhat-upgrade-python39-psycopg2-debuginforedhat-upgrade-python39-psycopg2-docredhat-upgrade-python39-psycopg2-testsredhat-upgrade-python39-pyredhat-upgrade-python39-pybind11redhat-upgrade-python39-pybind11-develredhat-upgrade-python39-pycparserredhat-upgrade-python39-pymysqlredhat-upgrade-python39-pyparsingredhat-upgrade-python39-pysocksredhat-upgrade-python39-pytestredhat-upgrade-python39-pyyamlredhat-upgrade-python39-pyyaml-debuginforedhat-upgrade-python39-requestsredhat-upgrade-python39-rpm-macrosredhat-upgrade-python39-scipyredhat-upgrade-python39-scipy-debuginforedhat-upgrade-python39-setuptoolsredhat-upgrade-python39-setuptools-wheelredhat-upgrade-python39-sixredhat-upgrade-python39-testredhat-upgrade-python39-tkinterredhat-upgrade-python39-tomlredhat-upgrade-python39-urllib3redhat-upgrade-python39-wcwidthredhat-upgrade-python39-wheelredhat-upgrade-python39-wheel-wheelredhat-upgrade-pyyaml-debugsourceredhat-upgrade-scipy-debugsource

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.