On Windows, a directory returned by tempfile.mkdtemp() did not always have its permissions set to restrict reading and writing by other users. Instead, it usually inherited the correct (owner-only) permissions from the default temporary-directory location under the user's profile. Under alternate configurations (a changed temporary directory location) or for users without a profile directory, the created directory may not have had the intended permissions, leaving it readable or writable by other local users.
If you are not using Windows, or you are on Windows but have not changed the temporary directory location and the running user has a profile directory, you are not affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.
This issue was caused by Python’s os.mkdir() not honoring Unix-style permission modes on Windows. The fix adds support for the Unix mode “700” (owner-only access) to the mkdir implementation on Windows; tempfile.mkdtemp() creates its directory with that mode, so the newly created directory receives the proper restrictive permissions regardless of the permissions inherited from its parent location. The signatures below cover the corresponding changes to os_mkdir_impl and the added initializeMkdir700SecurityAttributes helper in Modules/posixmodule.c.
{ "vanir_signatures": [ { "digest": { "function_hash": "141725981885825210209145975876735285705", "length": 728.0 }, "id": "CVE-2024-4030-0193e0f1", "source": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee", "signature_type": "Function", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c", "function": "os_mkdir_impl" }, "deprecated": false }, { "digest": { "function_hash": "203361257883980572572155006345752232681", "length": 932.0 }, "id": "CVE-2024-4030-06d20414", "source": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46", "signature_type": "Function", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c", "function": "os_mkdir_impl" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "270081176181819706440030591238144421204", "259534323621569013316056079494197640910", "185327492403438520811619450633964532385", "184425032856094676024123993687891377601", "141085227263077147406075359740007391402", "203501369421001481458072086376717658438", "26906527378686371817038590855130935231", "30896591332757826811017754175721672983", "210664921021786762987606681945325008810", "152037797396078602684476591377360481618", "333178396334060819341524629754171304455", "315133674876771344326847073116674482657", "222335096325397557654645452420207402591", "48104583785741173626396591314505935423" ] }, "id": "CVE-2024-4030-0a7e3e98", "source": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a", "signature_type": "Line", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c" }, "deprecated": false }, { "digest": { "function_hash": "203361257883980572572155006345752232681", "length": 932.0 }, "id": "CVE-2024-4030-14838947", "source": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d", "signature_type": "Function", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c", 
"function": "os_mkdir_impl" }, "deprecated": false }, { "digest": { "function_hash": "203361257883980572572155006345752232681", "length": 932.0 }, "id": "CVE-2024-4030-18a460b1", "source": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd", "signature_type": "Function", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c", "function": "os_mkdir_impl" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "299662674114992443424585143853448906523", "201810807594854939911956226372329047196", "325970040706701504688551388730501713909", "10098567356171616602959991184129389457", "184425032856094676024123993687891377601", "141085227263077147406075359740007391402", "203501369421001481458072086376717658438", "26906527378686371817038590855130935231", "30896591332757826811017754175721672983", "210664921021786762987606681945325008810", "152037797396078602684476591377360481618", "333178396334060819341524629754171304455", "315133674876771344326847073116674482657", "222335096325397557654645452420207402591", "48104583785741173626396591314505935423" ] }, "id": "CVE-2024-4030-200a4400", "source": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46", "signature_type": "Line", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "109343152441041424152421007415791443330", "107189144668054765186450169693319535513", "272700545021657835167856747664739565733", "77110071589402676215479669978108444277", "126527602439772684885949380377855524891", "257776066577225977616674797569698244669", "180768876042291103729211429733887581490", "184425032856094676024123993687891377601", "271077746014091663940888332256282074785", "195907005089816996242521021833817814448", "81471489156567445035139410090496974092", "30896591332757826811017754175721672983", "210664921021786762987606681945325008810", 
"152037797396078602684476591377360481618", "333178396334060819341524629754171304455", "315133674876771344326847073116674482657", "222335096325397557654645452420207402591", "48104583785741173626396591314505935423" ] }, "id": "CVE-2024-4030-50427d11", "source": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee", "signature_type": "Line", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c" }, "deprecated": false }, { "digest": { "function_hash": "203361257883980572572155006345752232681", "length": 932.0 }, "id": "CVE-2024-4030-7081159b", "source": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a", "signature_type": "Function", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c", "function": "os_mkdir_impl" }, "deprecated": false }, { "digest": { "function_hash": "203361257883980572572155006345752232681", "length": 932.0 }, "id": "CVE-2024-4030-81191f21", "source": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e", "signature_type": "Function", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c", "function": "os_mkdir_impl" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "95052998454598825806333261047286815524", "3366092791983197449404156970503101203", "40895719949400102153226188188723186949", "327704231819817249349606102660989429271", "126527602439772684885949380377855524891", "257776066577225977616674797569698244669", "180768876042291103729211429733887581490", "184425032856094676024123993687891377601", "141085227263077147406075359740007391402", "203501369421001481458072086376717658438", "26906527378686371817038590855130935231", "30896591332757826811017754175721672983", "210664921021786762987606681945325008810", "152037797396078602684476591377360481618", "333178396334060819341524629754171304455", "315133674876771344326847073116674482657", "222335096325397557654645452420207402591", 
"48104583785741173626396591314505935423" ] }, "id": "CVE-2024-4030-9d1402d5", "source": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d", "signature_type": "Line", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "132113419225136530226002819697546002926", "217862390418113465908289618867690069626", "11771272994585476960026998272501493655", "204087310384732170598343249749266097203", "185252413062759423167534036134695581421", "85747002314360421974015817390988812195", "338966674663537880088038626631226335118", "60556535541369676442603690338761342343", "208803276972300204639877742388000772722", "298884839316175048178180922380421879195", "241455735916496269127037716715120421806", "69364208662869490613490090649676074105", "332892780393664103370389882260666667013", "146537343741686548371340981621151268260" ] }, "id": "CVE-2024-4030-a66df210", "source": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d", "signature_type": "Line", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "278219574100845183864698531759519971725", "444857797250924557157821033796136433", "21412334854878206310341383438809282374", "327704231819817249349606102660989429271", "126527602439772684885949380377855524891", "257776066577225977616674797569698244669", "180768876042291103729211429733887581490", "184425032856094676024123993687891377601", "141085227263077147406075359740007391402", "203501369421001481458072086376717658438", "26906527378686371817038590855130935231", "30896591332757826811017754175721672983", "210664921021786762987606681945325008810", "152037797396078602684476591377360481618", "333178396334060819341524629754171304455", "315133674876771344326847073116674482657", "222335096325397557654645452420207402591", 
"48104583785741173626396591314505935423" ] }, "id": "CVE-2024-4030-adf13265", "source": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd", "signature_type": "Line", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "299662674114992443424585143853448906523", "201810807594854939911956226372329047196", "325970040706701504688551388730501713909", "10098567356171616602959991184129389457", "130625181941702787401458771135906259160", "97110087927201153808235647132001287518", "92002082695254694645763766392461502415", "184425032856094676024123993687891377601", "141085227263077147406075359740007391402", "203501369421001481458072086376717658438", "26906527378686371817038590855130935231", "30896591332757826811017754175721672983", "210664921021786762987606681945325008810", "152037797396078602684476591377360481618", "333178396334060819341524629754171304455", "315133674876771344326847073116674482657", "222335096325397557654645452420207402591", "48104583785741173626396591314505935423" ] }, "id": "CVE-2024-4030-bd8540e2", "source": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e", "signature_type": "Line", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c" }, "deprecated": false }, { "digest": { "function_hash": "260960675259309361512075982374987253835", "length": 1740.0 }, "id": "CVE-2024-4030-f497691b", "source": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d", "signature_type": "Function", "signature_version": "v1", "target": { "file": "Modules/posixmodule.c", "function": "initializeMkdir700SecurityAttributes" }, "deprecated": false } ] }