8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-49797

GHSA ID

GHSA-9w2p-rh8c-v9g5

EPSS Score

0.23796%

CWE

CWE-379

Published

12/9/2023

Updated

11/22/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-49797

CVE-2023-49797: Local Privilege Escalation in Windows

Impact

A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to.

A user is affected if all the following are satisfied:

The user runs an application containing either matplotlib or win32com.
The application is ran as administrator (or at least a user with higher privileges than the attacker).
The user's temporary directory is not locked to that specific user (most likely due to TMP/TEMP environment variables pointing to an unprotected, arbitrary, non default location).
Either:
- The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between shutil.rmtree()'s builtin symlink check and the deletion itself
- The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links

Patches

The vulnerability has been addressed in https://github.com/pyinstaller/pyinstaller/pull/7827 which corresponds to pyinstaller >= 5.13.1

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

No workaround, although the attack complexity becomes much higher if the application is built with Python >= 3.8.0.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-49797

CVE-2023-49797:

8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-49797

GHSA ID

GHSA-9w2p-rh8c-v9g5

EPSS Score

0.23796%

CWE

CWE-379

Published

12/9/2023

Updated

11/22/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
pyinstaller	pip	< 5.13.1	5.13.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description highlights that the attack occurs between the symlink check in shutil.rmtree() and the actual deletion. The code in shutil.py line 623 (referenced in the CVE) shows the symlink check, but the non-atomic operation allows a time-of-check to time-of-use (TOCTOU) race condition. This makes shutil.rmtree the critical vulnerable function. While PyInstaller's use of tempfile.mkdtemp contributed to insecure temporary directories, the immediate vulnerability trigger is the race condition in shutil.rmtree during deletion.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-49797: Local Privilege Escalation in Windows

Impact

Patches

Workarounds

CVE-2023-49797:

8.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

8.8

8.8

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Technical Details

CVE-2023-49797: Local Privilege Escalation in Windows

Impact

Patches

Workarounds

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI