CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49797 – Local Privilege Escalation in pyinstaller on Windows
https://notcve.org/view.php?id=CVE-2023-49797
09 Dec 2023 — PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied: 1. The user runs an application containing either `matplotlib` or `win32com`. 2. The application is ran as administrator (or at least a user with higher privileges than the atta... • https://github.com/pyinstaller/pyinstaller/pull/7827 • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2019-16784 – Local Privilege Escalation present only on the Windows version of PyInstaller
https://notcve.org/view.php?id=CVE-2019-16784
14 Jan 2020 — In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) which have his "TempPath" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\Windows\Temp). In order to be exploitable the software ha... • https://github.com/Ckrielle/CVE-2019-16784-POC • CWE-250: Execution with Unnecessary Privileges CWE-732: Incorrect Permission Assignment for Critical Resource •