openvas | Copyright (C) 2024 Greenbone AG | OPENVAS:1361412562310152212
History: May 14, 2024 - 12:00 a.m.

Python Access Control Vulnerability (May 2024) - Windows

2024-05-14 00:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
1
access control vulnerability
python
windows
version 3.12.4
greenbone ag

AI Score: 7.3 High (Confidence: Low)

EPSS: 0.0005 Low (Percentile: 17.2%)

Python is prone to an access control vulnerability.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

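# CPE of the product this check is about. The detection part further down
# passes it to get_app_port() and get_app_version_and_location() to look up
# what earlier detection scripts recorded for the target.
CPE = "cpe:/a:python:python";

# Metadata section: evaluated when the scanner loads the script with
# "description" set. It only registers identifiers, scoring, dependencies and
# the human-readable texts, then leaves via exit(0) without touching a target.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.152212");
  script_version("2024-05-15T05:05:27+0000");
  script_tag(name:"last_modification", value:"2024-05-15 05:05:27 +0000 (Wed, 15 May 2024)");
  script_tag(name:"creation_date", value:"2024-05-14 03:13:27 +0000 (Tue, 14 May 2024)");
  # Score and vector are in CVSS v2 notation (note the "Au:" metric).
  script_tag(name:"cvss_base", value:"5.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:N");

  script_cve_id("CVE-2024-4030");

  # Quality-of-detection type. The check below compares a reported version
  # string only; it does not inspect directory permissions on the host.
  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Python Access Control Vulnerability (May 2024) - Windows");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("General");
  # Both knowledge-base keys must be present for the script to run;
  # presumably they are set by the two dependencies listed here.
  script_dependencies("gb_python_consolidation.nasl", "os_detection.nasl");
  script_mandatory_keys("python/detected", "Host/runs_windows");

  script_tag(name:"summary", value:"Python is prone to an access control vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  # Per the text below, exposure depends on where the temporary directory is
  # created: the default location usually inherits restrictive permissions,
  # while alternate configurations or users without a profile directory may
  # end up with a directory that other users can read or write.
  script_tag(name:"insight", value:"On Windows a directory returned by tempfile.mkdtemp() would not
  always have permissions set to restrict reading and writing to the temporary directory by other
  users, instead usually inheriting the correct permissions from the default location. Alternate
  configurations or users without a profile directory may not have the intended permissions.");

  # NOTE(review): every release below 3.12.4 is treated as affected. Whether
  # older maintenance branches received their own fixed releases cannot be
  # told from this script - confirm against the vendor advisory.
  script_tag(name:"affected", value:"Python prior to version 3.12.4.");

  script_tag(name:"solution", value:"Update to version 3.12.4 or later.");

  # The list address in this URL was masked as "[email protected]" by e-mail
  # obfuscation in the copy this listing was taken from; restored here so the
  # advisory reference resolves.
  script_xref(name:"URL", value:"https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/");
  script_xref(name:"URL", value:"https://github.com/python/cpython/issues/118486");

  exit(0);
}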

include("host_details.inc");
include("version_func.inc");

# Detection part: look up the Python installation recorded for this target
# and report it when its version is lower than the fixed release.

# No port recorded for this CPE means nothing to check on this host.
port = get_app_port(cpe: CPE);
if (isnull(port))
  exit(0);

# Fetch version and install location. Only versions of the form
# major.minor.patch are accepted; exit_no_version presumably makes the helper
# leave the script itself when no usable version is known.
app_info = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE,
                                        version_regex: "^[0-9]+\.[0-9]+\.[0-9]+");
if (!app_info)
  exit(0);

installed_ver = app_info["version"];
install_loc = app_info["location"];

# Not below the fixed release: leave with 99, which these scripts use for
# "checked, not affected".
if (!version_is_less(version: installed_ver, test_version: "3.12.4"))
  exit(99);

# Version-only finding: this does not verify that anything on the host calls
# tempfile.mkdtemp() or that a created directory is actually accessible to
# other users, so a reported host still needs that context when triaged.
# NOTE(review): fixed releases on older branches, if any exist, are not
# considered here - confirm against the vendor advisory.
report = report_fixed_ver(installed_version: installed_ver, fixed_version: "3.12.4", install_path: install_loc);
security_message(port: port, data: report);
exit(0);
