{"id":"CVE-2024-4030","details":"On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.","aliases":["BIT-python-2024-4030","PSF-2024-3"],"modified":"2026-04-12T10:54:01.643854Z","published":"2024-05-07T21:15:09.467Z","related":["CGA-6qp7-9r8g-vg6m","SUSE-SU-2024:2572-1","SUSE-SU-2025:20154-1","SUSE-SU-2025:20374-1","openSUSE-SU-2024:14109-1","openSUSE-SU-2024:14295-1","openSUSE-SU-2024:14331-1","openSUSE-SU-2024:14340-1","openSUSE-SU-2024:14345-1","openSUSE-SU-2024:14346-1","openSUSE-SU-2024:14434-1","openSUSE-SU-2025:15713-1"],"references":[{"type":"WEB","url":"https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240705-0005/"},{"type":"REPORT","url":"https://github.com/python/cpython/issues/118486"},{"type":"FIX","url":"https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca"},{"type":"FIX","url":"https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84"},{"type":"FIX","url":"https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763"},{"type":"FIX","url":"https://github.com/python/cpython/commit/35c799d79177b96
2ddace2fa068101465570a29a"},{"type":"FIX","url":"https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d"},{"type":"FIX","url":"https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd"},{"type":"FIX","url":"https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee"},{"type":"FIX","url":"https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e"},{"type":"FIX","url":"https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee"},{"type":"FIX","url":"https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46"},{"type":"FIX","url":"https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e"},{"type":"FIX","url":"https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"35c799d79177b962ddace2fa068101465570a29a"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"5130731c9e779b97d00a24f54cdce73ce9975dfd"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"66f8bb76a15e64a1bb7688b177ed29e26230fdee"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"6d0850c4c8188035643586ab4d8ec2468abd699e"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"81939dad77001556c527485d31a2d0f4a759033e"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"8ed546679524140d8282175411fd141fe7df070d"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"91e3669e01245185569d09e9e6e11641282971ee"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"94591dca510c796c7d40e9b41
67ea56f2fdf28ca"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"c8f868dc52f98011d0f9b459b6487920bfb0ac4d"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"d86b49411753bf2c83291e3a14ae43fefded2f84"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"e1dfa978b1ad210d551385ad8073ec6154f53763"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"eb29e2f5905da93333d1ce78bc98b151e763ff46"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"35c799d79177b962ddace2fa068101465570a29a"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"5130731c9e779b97d00a24f54cdce73ce9975dfd"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"66f8bb76a15e64a1bb7688b177ed29e26230fdee"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"6d0850c4c8188035643586ab4d8ec2468abd699e"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"81939dad77001556c527485d31a2d0f4a759033e"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"8ed546679524140d8282175411fd141fe7df070d"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"91e3669e01245185569d09e9e6e11641282971ee"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"94591dca510c796c7d40e9b4167ea56f2fdf28ca"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"c8f868dc52f98011d0f9b459b6487920bfb0ac4d"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"d86b49411753bf2c83291e3a14ae43fefded2f84"}]},{"type
":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"e1dfa978b1ad210d551385ad8073ec6154f53763"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"eb29e2f5905da93333d1ce78bc98b151e763ff46"}]}],"versions":["v0.9.8","v0.9.9","v1.0.1","v1.0.2","v1.1","v1.1.1","v1.2","v1.2b1","v1.2b2","v1.2b3","v1.2b4","v1.3","v1.3b1","v1.4","v1.4b1","v1.4b2","v1.4b3","v1.5","v1.5.1","v1.5.2","v1.5.2a1","v1.5.2a2","v1.5.2b1","v1.5.2b2","v1.5.2c1","v1.5a1","v1.5a2","v1.5a3","v1.5a4","v1.5b1","v1.5b2","v1.6a1","v1.6a2","v2.0","v2.0b1","v2.0b2","v2.0c1","v2.1","v2.1a1","v2.1a2","v2.1b1","v2.1b2","v2.1c1","v2.1c2","v2.2a3","v2.3c1","v2.3c2","v2.4","v2.4a1","v2.4a2","v2.4a3","v2.4b1","v2.4b2","v2.4c1","v3.0a1","v3.0a2","v3.0a3","v3.0a4","v3.0a5","v3.0b1","v3.0b2","v3.0b3","v3.0rc1","v3.0rc2","v3.0rc3","v3.1","v3.10.0a1","v3.10.0a7","v3.10.0b1","v3.10.0b2","v3.10.0b3","v3.10.0b4","v3.10.0rc1","v3.10.0rc2","v3.10.1","v3.10.10","v3.10.11","v3.10.12","v3.10.13","v3.10.14","v3.10.2","v3.10.3","v3.10.4","v3.10.5","v3.10.6","v3.10.7","v3.10.8","v3.10.9","v3.11.0a3","v3.11.0a4","v3.11.0a5","v3.11.0a6","v3.11.0a7","v3.11.0b1","v3.11.0b2","v3.11.0b3","v3.11.0b4","v3.11.0b5","v3.11.0rc1","v3.11.0rc2","v3.11.1","v3.11.2","v3.11.3","v3.11.4","v3.11.5","v3.11.6","v3.11.7","v3.11.8","v3.11.9","v3.12.0","v3.12.0a1","v3.12.0a2","v3.12.0a3","v3.12.0a4","v3.12.0a5","v3.12.0a6","v3.12.0a7","v3.12.0b1","v3.12.0b2","v3.12.0b3","v3.12.0b4","v3.12.0rc1","v3.12.0rc2","v3.12.0rc3","v3.12.1","v3.12.2","v3.12.3","v3.13.0a1","v3.13.0a2","v3.13.0a3","v3.13.0a4","v3.13.0a5","v3.13.0a6","v3.13.0b1","v3.1a1","v3.1a2","v3.1b1","v3.1rc1","v3.1rc2","v3.2a1","v3.2a2","v3.2a3","v3.2a4","v3.2b1","v3.2b2","v3.2rc1","v3.2rc2","v3.2rc3","v3.3.0a2","v3.3.0a3","v3.3.0a4","v3.3.0b1","v3.3.0b2","v3.3.0rc1","v3.3.0rc2","v3.3.0rc3","v3.4.0a1","v3.4.0a2","v3.4.0a3","v3.4.0a4","v3.4.0b1","v3.4.0b2","v3.4.0b3","v3.5.0a1","v3.5.0a2","v3.5.0a3","v3.5.0a4","v3.5
.0b1","v3.6.0a3","v3.6.0b1","v3.7.0a2","v3.8.0rc1","v3.8.11","v3.8.12","v3.8.13","v3.8.14","v3.8.15","v3.8.16","v3.8.17","v3.8.18","v3.8.19","v3.8.3","v3.8.3rc1","v3.8.5","v3.8.8","v3.8.8rc1","v3.9.0a2","v3.9.0b1","v3.9.0b3","v3.9.0b5","v3.9.11","v3.9.12","v3.9.13","v3.9.14","v3.9.15","v3.9.16","v3.9.17","v3.9.18","v3.9.19","v3.9.2","v3.9.2rc1","v3.9.5","v3.9.6","v3.9.7","v3.9.8","v3.9.9"],"database_specific":{"vanir_signatures_modified":"2026-04-12T10:54:01Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4030.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}