PT-2024-7267 · Python+1

Aobo Wang +1 · Published 2024-05-07 · Updated 2025-11-07 · CVE-2024-4030

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.13
Description: The issue is in Python's tempfile.mkdtemp() function. On Windows it may not always set the correct permissions on the temporary directory, which allows other users to read and write to it. The cause is that Python does not support Unix permissions on Windows. The fix adds support for Unix "700" permissions to the mkdir function on Windows, so that the newly created directory has the proper permissions. If you are not using Windows, or have not changed the temporary directory location, you are not affected by this issue. On other platforms, the returned directory is consistently readable and writable only by the current user.
Recommendations: Update Python to version 3.13 to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory created by tempfile.mkdtemp() to minimize the risk of exploitation. Avoid using tempfile.mkdtemp() on Windows until the issue is resolved.
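
The workaround above, sketched as an added example (not code from the advisory or from the Python project): a wrapper that checks the advisory's conditions and, where they apply, restricts the new directory to the current user with the Windows whoami and icacls tools. The names is_exposed, icacls_args and private_mkdtemp are hypothetical, and "changed the temporary directory location" is approximated here as "outside %USERPROFILE%".

```python
import ntpath
import os
import shutil
import subprocess
import sys
import tempfile

FIXED_IN = (3, 13)  # the advisory lists versions prior to 3.13 as affected

def _norm(p):
    return ntpath.normcase(ntpath.normpath(p))

def is_exposed(platform, version, tempdir, profile):
    """Advisory conditions: Windows, Python < 3.13, temp dir moved from the
    default. Assumption: "moved" is treated as "outside the user profile"."""
    if platform != "win32" or tuple(version[:2]) >= FIXED_IN:
        return False
    try:
        return ntpath.commonpath([_norm(tempdir), _norm(profile)]) != _norm(profile)
    except ValueError:  # different drives, or profile unknown
        return True

def icacls_args(path, user):
    """icacls call: drop inherited ACEs, grant full control to `user` only."""
    return ["icacls", path, "/inheritance:r", "/grant:r", f"{user}:(OI)(CI)F"]

def private_mkdtemp(**kwargs):
    """tempfile.mkdtemp() plus the advisory's workaround where it applies."""
    path = tempfile.mkdtemp(**kwargs)
    base = kwargs.get("dir") or tempfile.gettempdir()
    profile = os.environ.get("USERPROFILE", "")
    if is_exposed(sys.platform, sys.version_info, base, profile):
        try:
            user = subprocess.run(["whoami"], check=True, capture_output=True,
                                  text=True).stdout.strip()
            subprocess.run(icacls_args(path, user), check=True, capture_output=True)
            # The directory was open between mkdtemp() and icacls: fail closed
            # if anything was placed in it during that window.
            if os.listdir(path):
                raise PermissionError(f"{path} was modified before lockdown")
        except Exception:
            shutil.rmtree(path, ignore_errors=True)
            raise
    return path
```

The wrapper narrows the exposure but cannot close the gap between directory creation and the ACL change, which is why the update remains the actual fix.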

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

BDU:2024-08617
BIT-PYTHON-2024-4030
CVE-2024-4030
OPENSUSE-SU-2024:14109-1
OPENSUSE-SU-2024:14295-1
OPENSUSE-SU-2024:14331-1
OPENSUSE-SU-2024:14340-1
OPENSUSE-SU-2024:14345-1
OPENSUSE-SU-2024:14346-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2024_2572-1
OPENSUSE-SU-2025:15713-1
PSF-2024-3
SUSE-SU-2024:2572-1
SUSE-SU-2025:20154-1
SUSE-SU-2025:20374-1

Affected Products

Python
SUSE