Updated: 2025-12-11 11:52:37.836149
Description:
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CloudLinux 6 ELS | python | 2.6.6 | 7.8 | HIGH | Not Vulnerable | 2025-06-12 00:53:20 | ||
| CloudLinux 7 ELS | python | 2.7.5 | 7.8 | HIGH | Not Vulnerable | 2025-06-12 00:53:19 | ||
| CloudLinux 7 ELS | python3 | 3.6.8 | 7.8 | HIGH | Released | CLSA-2024:1727288754 | 2024-10-07 10:50:29 | |
| Oracle Linux 6 ELS | python | 2.6.6 | 7.8 | HIGH | Not Vulnerable | 2025-06-12 00:53:20 | ||
| Oracle Linux 7 ELS | python | 2.7.5 | 7.8 | HIGH | Not Vulnerable | 2025-06-12 00:53:20 | ||
| RHEL 7 ELS | python | 2.7.5 | 7.8 | HIGH | Not Vulnerable | 2025-06-12 00:53:19 | ||
| Ubuntu 16.04 ELS | python3.5 | 3.5.2 | 7.8 | HIGH | Released | CLSA-2025:1740645307 | 2025-02-27 22:11:14 | |
| Ubuntu 18.04 ELS | python3.6 | 3.6.9-1 | 7.8 | HIGH | Released | CLSA-2025:1740645424 | 2025-02-27 22:11:13 |