Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2023-6507
HistoryJun 24, 2024 - 3:51 p.m.

CVE-2023-6507

2024-06-2415:51:58
redhat.com
access.redhat.com
12
cpython
subprocess
posix platforms
security issue
privilege escalation

CVSS3

6.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.5

Confidence

Low

JSON

A flaw was found in Python’s subprocess module. When creating a new subprocess, the developer may specify a list of extra groups through the 'extra_groups=` parameter. When this optional parameter is informed with an empty list, the module fails to properly clean the associated groups from the new sub-process’s parent before executing the new sub-process. If the parent process has high privileges, the sub-process created may have unnecessarily high privileges, leading to possible confidentiality and integrity issues when properly exploited.

Related

osv 6
debiancve 1
prion 1
cvelist 1
cbl_mariner 1
cve 1
ubuntucve 1
openvas 2
vulnrichment 1
nvd 1
gentoo 1
nessus 2
ubuntu 1
oracle 1
osv
osv
CVE-2023-6507
2023-12-08 19:15:08
BIT-python-2023-6507
2024-03-06 11:02:52
Groups not dropped before running subprocess when using empty 'extra_groups' parameter
2023-12-08 18:20:49
debiancve
debiancve
CVE-2023-6507
2023-12-08 19:15:08
prion
prion
Design/Logic Flaw
2023-12-08 19:15:00
cvelist
cvelist
CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
2023-12-08 18:20:49
cbl_mariner
cbl_mariner
CVE-2023-6507 affecting package python3 for versions less than 3.12.3-1
2024-08-25 15:13:42
cve
cve
CVE-2023-6507
2023-12-08 19:15:08
ubuntucve
ubuntucve
CVE-2023-6507
2023-12-08 00:00:00
openvas
openvas
Python 3.12.0 Improper Privilege Management Vulnerability - Linux
2023-12-22 00:00:00
Ubuntu: Security Advisory (USN-6891-1)
2024-07-12 00:00:00
vulnrichment
vulnrichment
CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
2023-12-08 18:20:49
nvd
nvd
CVE-2023-6507
2023-12-08 19:15:08
gentoo
gentoo
Python, PyPy3: Multiple Vulnerabilities
2024-05-04 00:00:00
nessus
nessus
GLSA-202405-01 : Python, PyPy3: Multiple Vulnerabilities
2024-05-04 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Python vulnerabilities (USN-6891-1)
2024-07-11 00:00:00
ubuntu
ubuntu
Python vulnerabilities
2024-07-11 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

CVSS3

6.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.5

Confidence

Low

JSON
Related for RH:CVE-2023-6507
osv6debiancve1prion1cvelist1cbl_mariner1cve1ubuntucve1openvas2vulnrichment1nvd1gentoo1nessus2ubuntu1oracle1