CVE-2023-6597 is a high-severity vulnerability in the CPython tempfile module, specifically the tempfile.TemporaryDirectory class. The issue arises from improper handling of symbolic links when permissions are reset during cleanup: users who can run privileged programs may be able to modify the permissions of files that the symlinks point to. The affected versions are 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The CVSS score for this vulnerability is 7.8, categorizing it as high severity. The risk to organizations includes unauthorized alterations to sensitive files, which could lead to further exploitation or data breaches. Given the nature of this vulnerability, organizations should prioritize patching immediately.
Currently, there are no known active exploits or proofs of concept publicly available for this vulnerability. However, the potential for exploitation remains significant, and organizations are urged to assess their environments for instances of the affected Python versions.
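The symlink handling described in the first paragraph, reduced to a permission-reset helper in its weak and hardened forms. This is an added example, not CPython's code or its patch; the function names, the 0o700 mode and the scratch files are constructed for illustration.

```python
import os
import stat
import tempfile


def reset_perms_following_links(path):
    """Weak form: os.chmod() dereferences symlinks, so the mode change
    lands on whatever the link points to."""
    os.chmod(path, 0o700)


def reset_perms_no_follow(path):
    """Hardened form: never change the mode of a symlink's target."""
    if os.chmod in os.supports_follow_symlinks:
        # Platform can act on the link itself instead of its target.
        os.chmod(path, 0o700, follow_symlinks=False)
    elif not os.path.islink(path):
        # Fallback: skip symlinks entirely. The islink() check and the
        # chmod() are two separate steps, not one atomic operation.
        os.chmod(path, 0o700)


def mode_after_cleanup(reset):
    """Build a constructed scratch tree, run `reset` over every entry of the
    directory being cleaned, and return (mode of a file outside the tree,
    mode of a regular file inside the tree)."""
    with tempfile.TemporaryDirectory() as scratch:
        outside = os.path.join(scratch, "outside.txt")  # not part of the tree
        tree = os.path.join(scratch, "tree")            # directory being cleaned
        inside = os.path.join(tree, "inside.txt")
        os.mkdir(tree)
        for name in (outside, inside):
            with open(name, "w") as fh:
                fh.write("constructed sample\n")
        os.chmod(outside, 0o600)
        os.chmod(inside, 0o400)
        os.symlink(outside, os.path.join(tree, "link"))  # link leaving the tree
        for entry in os.scandir(tree):
            reset(entry.path)
        return (stat.S_IMODE(os.stat(outside).st_mode),
                stat.S_IMODE(os.stat(inside).st_mode))


if __name__ == "__main__":
    for fn in (reset_perms_following_links, reset_perms_no_follow):
        out_mode, in_mode = mode_after_cleanup(fn)
        print(f"{fn.__name__}: outside={oct(out_mode)} inside={oct(in_mode)}")
```

With the weak helper the file outside the tree ends up with the reset mode; with the hardened helper only the regular file inside the tree is changed.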
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
