PYSEC-2020-175

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pyinstaller/PYSEC-2020-175.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2020-175
Aliases
Published
2020-01-14T20:15:00Z
Modified
2023-11-01T04:50:40.607407Z
Summary
[none]
Details

In PyInstaller before version 3.6, on Windows only, a local privilege escalation vulnerability is present in one particular case: software using PyInstaller in "onefile" mode is launched by a privileged user (at least more privileged than the current one) whose "TempPath" resolves to a world-writable directory. This is the case, for example, if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\Windows\Temp). To be exploitable, the software has to be (re)started after the attacker launches the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade).

References

Affected packages

PyPI / pyinstaller

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6

Affected versions

1.*

1.5
1.5.1

2.*

2.0
2.1

3.*

3.0
3.1
3.1.1
3.2
3.2.1
3.3
3.3.1
3.4
3.5