{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2023-6597","assignerOrgId":"28c92f92-d60d-412d-b760-e73465c3df22","state":"PUBLISHED","assignerShortName":"PSF","dateReserved":"2023-12-07T20:59:23.246Z","datePublished":"2024-03-19T15:44:28.989Z","dateUpdated":"2025-11-03T21:50:47.799Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"CPython","repo":"https://github.com/python/cpython","vendor":"Python Software Foundation","versions":[{"version":"0","lessThan":"3.8.19","status":"affected","versionType":"python"},{"version":"3.9.0","lessThan":"3.9.19","status":"affected","versionType":"python"},{"version":"3.10.0","lessThan":"3.10.14","status":"affected","versionType":"python"},{"version":"3.11.0","lessThan":"3.11.8","status":"affected","versionType":"python"},{"version":"3.12.0","lessThan":"3.12.1","status":"affected","versionType":"python"},{"version":"3.13.0a1","lessThan":"3.13.0a3","status":"affected","versionType":"python"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.<br><br>The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.<br>"}],"value":"An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"28c92f92-d60d-412d-b760-e73465c3df22","shortName":"PSF","dateUpdated":"2024-06-13T19:24:11.289Z"},"references":[{"tags":["patch"],"url":"https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a"},{"tags":["issue-tracking"],"url":"https://github.com/python/cpython/issues/91133"},{"tags":["vendor-advisory"],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/"},{"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"},{"url":"http://www.openwall.com/lists/oss-security/2024/03/20/5"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-noinfo Not enough information"}]}],"affected":[{"vendor":"python_software_foundation","product":"cpython","cpes":["cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"3.8.19","versionType":"custom"},{"version":"3.9.0","status":"affected","lessThan":"3.9.19","versionType":"custom"},{"version":"3.10.0","status":"affected","lessThan":"3.10.14","versionType":"custom"},{"version":"3.11.0","status":"affected","lessThan":"3.11.8","versionType":"custom"},{"version":"3.12.0","status":"affected","lessThan":"3.12.1","versionType":"custom"},{"version":"3.13.0a1","status":"affected","lessThan":"3.13.0a3","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-05T19:08:44.665083Z","id":"CVE-2023-6597","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-05T19:16:27.862Z"}},{"title":"CVE Program Container","references":[{"tags":["patch","x_transferred"],"url":"https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d"},{"tags":["patch","x_transferred"],"url":"https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5"},{"tags":["patch","x_transferred"],"url":"https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25"},{"tags":["patch","x_transferred"],"url":"https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82"},{"tags":["patch","x_transferred"],"url":"https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b"},{"tags":["patch","x_transferred"],"url":"https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a"},{"tags":["issue-tracking","x_transferred"],"url":"https://github.com/python/cpython/issues/91133"},{"tags":["vendor-advisory","x_transferred"],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/"},{"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html","tags":["x_transferred"]},{"url":"http://www.openwall.com/lists/oss-security/2024/03/20/5","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"},{"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:50:47.799Z"}}]},"dataVersion":"5.2"}