#VU96944 Creation of Temporary File With Insecure Permissions in Python - CVE-2024-4030 

 


Published: September 9, 2024


Vulnerability identifier: #VU96944
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-4030
CWE-ID: CWE-378
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Python
Software vendor: Python.org

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because a directory returned by tempfile.mkdtemp() does not always have permissions set to restrict reading and writing to the temporary directory by other users, and instead usually inherits the correct permissions from the default location. A local user can gain access to potentially sensitive information stored in temporary files.

Successful exploitation of the vulnerability requires an alternate configuration or users without a profile directory.
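
A defensive wrapper for the behaviour described above, as an added example that is not code from this advisory or from CPython: it checks the directory returned by tempfile.mkdtemp() before anything sensitive is written and tightens it to owner-only. The helper names exposed_bits, ensure_private and private_mkdtemp are hypothetical. It assumes a POSIX host, where mode bits express the access rules; on platforms that use ACLs these bits do not show who can read the directory.

```python
import os
import stat
import tempfile

# Assumption: POSIX mode bits are the access control in force on this host.
# Permission bits that give group members or other users any access.
OTHERS_MASK = stat.S_IRWXG | stat.S_IRWXO


def exposed_bits(path):
    """Return the group/other mode bits set on path; 0 means owner-only."""
    return stat.S_IMODE(os.lstat(path).st_mode) & OTHERS_MASK


def ensure_private(path):
    """Tighten path to owner-only (0o700). Return True if a change was needed."""
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):  # also rejects a symlink to a directory
        raise NotADirectoryError(path)
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise PermissionError(f"{path} is owned by uid {st.st_uid}")
    if not exposed_bits(path):
        return False
    os.chmod(path, stat.S_IRWXU)
    if exposed_bits(path):
        raise PermissionError(f"could not restrict {path}")
    return True


def private_mkdtemp(**kwargs):
    """tempfile.mkdtemp() plus a check made before any secret is written."""
    path = tempfile.mkdtemp(**kwargs)
    try:
        ensure_private(path)
    except OSError:
        os.rmdir(path)  # still empty: nothing has been written yet
        raise
    return path


if __name__ == "__main__":
    workdir = private_mkdtemp(prefix="vu96944-demo-")  # constructed prefix
    print(workdir, oct(exposed_bits(workdir)))
    os.rmdir(workdir)
```
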


Remediation

Install updates from vendor's website.
