Python is prone to an access control vulnerability.
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:python:python";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.152212");
script_version("2024-05-15T05:05:27+0000");
script_tag(name:"last_modification", value:"2024-05-15 05:05:27 +0000 (Wed, 15 May 2024)");
script_tag(name:"creation_date", value:"2024-05-14 03:13:27 +0000 (Tue, 14 May 2024)");
script_tag(name:"cvss_base", value:"5.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:N");
script_cve_id("CVE-2024-4030");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Python Access Control Vulnerability (May 2024) - Windows");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("General");
script_dependencies("gb_python_consolidation.nasl", "os_detection.nasl");
script_mandatory_keys("python/detected", "Host/runs_windows");
script_tag(name:"summary", value:"Python is prone to an access control vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"On Windows a directory returned by tempfile.mkdtemp() would not
always have permissions set to restrict reading and writing to the temporary directory by other
users, instead usually inheriting the correct permissions from the default location. Alternate
configurations or users without a profile directory may not have the intended permissions.");
script_tag(name:"affected", value:"Python prior to version 3.12.4.");
script_tag(name:"solution", value:"Update to version 3.12.4 or later.");
script_xref(name:"URL", value:"https://mail.python.org/archives/list/[email protected]/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/");
script_xref(name:"URL", value:"https://github.com/python/cpython/issues/118486");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (isnull(port = get_app_port(cpe: CPE)))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE,
version_regex: "^[0-9]+\.[0-9]+\.[0-9]+"))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less(version: version, test_version: "3.12.4")) {
report = report_fixed_ver(installed_version: version, fixed_version: "3.12.4", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);