CVE-2024-4030: Incorrect Default Permissions in Software Foundation CPython

Severity
7.1 HIGH (NVD)
EPSS
0.0%
top 93.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 7

Description

On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the re

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.8 | Impact: 5.2

Affected Packages: 1 package

CVEListV5 | python_software_foundation/cpython | 3.9.0 | 3.9.20 | +5

🔴 Vulnerability Details

2
CVEList
tempfile.mkdtemp() may be readable and writeable by all users on Windows (2024-05-07)
GHSA
GHSA-2w87-6hh6-mqrj: On Windows a directory returned by tempfile (2024-05-07)

📋 Vendor Advisories

1
Debian
CVE-2024-4030: python2.7 - On Windows a directory returned by tempfile.mkdtemp() would not always have perm... (2024)