CVE-2024-4030 – tempfile.mkdtemp() may be readable and writeable by all users on Windows
https://notcve.org/view.php?id=CVE-2024-4030
On Windows, a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing of the temporary directory by other users; instead it usually inherited the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you are not using Windows or have not changed the temporary directory location, you are not affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix "700" mode to the mkdir function on Windows, which mkdtemp() uses to ensure the newly created directory has the proper permissions.
References:
• https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a
• https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd
• https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee
• https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e
• https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e
• https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d
• https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee
• https://github.
Weakness: CWE-276: Incorrect Default Permissions
CVE-2024-32879 – social-auth-app-django Improper Handling of Case Sensitivity vulnerability
https://notcve.org/view.php?id=CVE-2024-32879
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, because of the default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive, so different IDs could be treated as matching. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround is to change the collation of the affected field.
References:
• https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138
• https://github.com/python-social-auth/social-app-django/pull/566
• https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3
• https://access.redhat.com/security/cve/CVE-2024-32879
• https://bugzilla.redhat.com/show_bug.cgi?id=2277035
Weaknesses: CWE-178: Improper Handling of Case Sensitivity; CWE-303: Incorrect Implementation of Authentication Algorithm
CVE-2023-6597 – python: Path traversal on tempfile.TemporaryDirectory
https://notcve.org/view.php?id=CVE-2023-6597
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means that users who can run privileged programs are potentially able to modify the permissions of files referenced by symlinks in some circumstances.
References:
• http://www.openwall.com/lists/oss-security/2024/03/20/5
• https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a
• https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25
• https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5
• https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d
• https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82
• https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b
• https://github.com
Weakness: CWE-61: UNIX Symbolic Link (Symlink) Following
CVE-2024-0450 – Quoted zip-bomb protection for zipfile
https://notcve.org/view.php?id=CVE-2024-0450
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs, which exploit the zip format to build an archive with a very high compression ratio. The fixed versions of CPython make the zipfile module reject zip archives whose entries overlap within the archive.
References:
• http://www.openwall.com/lists/oss-security/2024/03/20/5
• https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85
• https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba
• https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675
• https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51
• https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549
• https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183
• https://github.com
Weaknesses: CWE-405: Asymmetric Resource Consumption (Amplification); CWE-450: Multiple Interpretations of UI Input
CVE-2023-50782 – Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659
https://notcve.org/view.php?id=CVE-2023-50782
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages exchanged with TLS servers that use RSA key exchange, which may lead to exposure of confidential or sensitive data.
References:
• https://access.redhat.com/security/cve/CVE-2023-50782
• https://bugzilla.redhat.com/show_bug.cgi?id=2254432
Weaknesses: CWE-203: Observable Discrepancy; CWE-208: Observable Timing Discrepancy