Python tempfile.mkdtemp() Improper Permission Handling on Windows
CVE-2024-4030 Published on May 7, 2024

tempfile.mkdtemp() may be readable and writeable by all users on Windows
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If youre not using Windows or havent changed the temporary directory location then you arent affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix 700 for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-4030 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Products Associated with CVE-2024-4030

stack.watch emails you whenever new vulnerabilities are published in Oracle or Python. Just hit a watch button to start following.

Oracle

Python

Affected Versions

Python Software Foundation CPython:

Before 3.8.20 is affected.
Version 3.9.0 and below 3.9.20 is affected.
Version 3.10.0 and below 3.10.15 is affected.
Version 3.11.0 and below 3.11.10 is affected.
Version 3.12.0 and below 3.12.4 is affected.
Version 3.13.0a1 and below 3.13.0b1 is affected.

cpython:

Version 0 is affected.
Version 3.13.0a1 is affected.

Exploit Probability

EPSS

0.03%

Percentile

6.45%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.