Insecure Temporary File Affecting buzz-captions package, versions [0,]


Severity

Recommended
0.0 low

CVSS assessment made by Snyk's Security Team

Threat Intelligence

Exploit Maturity: Proof of concept

  • Snyk ID SNYK-PYTHON-BUZZCAPTIONS-8304176
  • published 25 Oct 2024
  • disclosed 25 Oct 2024
  • credit Startr4ck

How to fix?

There is no fixed version for buzz-captions.

Overview

Affected versions of this package are vulnerable to Insecure Temporary File through the use of the deprecated mktemp() function, which introduces a risk of race conditions. The function generates a temporary file name without ensuring exclusive access, which gives an attacker an opportunity to manipulate the file before the original process opens it.

This is only exploitable if the attacker has local access and the ability to execute their own code on the machine.

Note:

PoC

import os
import tempfile

# Use tempfile.mktemp() to generate a temporary file path
temp_path = tempfile.mktemp()
print(f"Generated temp file path: {temp_path}")

# Simulate the time window between generating the file path and creating the file,
# during which another program could create a file with the same name.
# An attacker might create a malicious file with the same path.

# The program then tries to use this path to create a file
with open(temp_path, 'w') as f:
    f.write("Sensitive data.")
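
A hardened counterpart to the PoC above, added here as an example; it is not code from buzz-captions or from the advisory. The function names, the "buzz-" prefix and the file names in the scratch directory are constructed for illustration, and the behaviour shown assumes a POSIX system.

```python
import os
import tempfile


def write_private_temp(data, directory=None):
    """Replacement for mktemp() + open(): the name is chosen and created in one step."""
    # mkstemp() opens with O_CREAT | O_EXCL and mode 0o600, so it never reuses
    # an existing path and only the owner can read the file.
    # The "buzz-" prefix is a constructed sample value.
    fd, path = tempfile.mkstemp(prefix="buzz-", suffix=".tmp", dir=directory)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def open_exclusive(path):
    """For a path chosen elsewhere: create it or fail, never reuse what is there."""
    # With O_CREAT | O_EXCL, POSIX open() fails with EEXIST if the path exists,
    # including when it is a symbolic link (even a dangling one).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    return os.fdopen(fd, "wb")


def refuses_existing(path):
    """True if open_exclusive() rejects the path because something is already there."""
    try:
        open_exclusive(path).close()
    except FileExistsError:
        return True
    return False


def demo():
    """Constructed scenario, confined to a private scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        taken = os.path.join(scratch, "already-there.tmp")
        with open(taken, "wb") as f:  # something occupied the name first
            f.write(b"placed earlier")
        target = os.path.join(scratch, "elsewhere")
        link = os.path.join(scratch, "link.tmp")
        os.symlink(target, link)  # dangling symlink at the chosen name
        safe = write_private_temp(b"Sensitive data.", directory=scratch)
        with open(taken, "rb") as f:
            untouched = f.read() == b"placed earlier"
        return {
            "refuses_file": refuses_existing(taken),
            "refuses_symlink": refuses_existing(link),
            "existing_untouched": untouched,
            "symlink_target_created": os.path.exists(target),
            "mkstemp_mode": oct(os.stat(safe).st_mode & 0o777),
        }
```
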

CVSS Scores

version 4.0

Snyk

Recommended
1.8 low
  • Attack Vector (AV): Local
  • Attack Complexity (AC): High
  • Attack Requirements (AT): None
  • Privileges Required (PR): High
  • User Interaction (UI): None
  • Confidentiality (VC): Low
  • Integrity (VI): Low
  • Availability (VA): Low
  • Confidentiality (SC): None
  • Integrity (SI): None
  • Availability (SA): None