RH:CVE-2023-6507 (redhatcve, Redhat.com)
History: Jun 24, 2024 - 3:51 p.m.

CVE-2023-6507

Published: 2024-06-24 15:51:58
Source: redhat.com (access.redhat.com)
Tags: cpython, subprocess, posix platforms, security issue, privilege escalation

CVSS3: 6.1 Medium

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.5 Medium (Confidence: Low)

EPSS: 0.001 Low (Percentile: 25.9%)

A flaw was found in Python's subprocess module. When creating a new subprocess, the developer may specify a list of extra groups through the 'extra_groups=' parameter. When this optional parameter is set to an empty list, the module fails to drop the groups inherited from the parent process before executing the new subprocess. If the parent process has high privileges, the subprocess may run with unnecessarily high privileges, leading to possible confidentiality and integrity issues when properly exploited.
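A self-check for the behaviour described above, added here as an example (it is not code from the advisory or from CPython): it spawns a child with 'extra_groups=[]' and reports any supplementary groups the child still holds. The function names `leaked_groups`, `probe_child` and `check_interpreter` are hypothetical.

```python
import os
import subprocess
import sys


def leaked_groups(requested, child, child_egid):
    """Groups the child holds that were neither requested nor its primary gid.

    getgroups() may or may not list the effective gid, so it is never counted.
    """
    return sorted(set(child) - set(requested) - {child_egid})


def probe_child(extra_groups):
    """Spawn a child with extra_groups= and return (its getgroups(), its egid)."""
    code = "import os; print(os.getegid(), *os.getgroups())"
    out = subprocess.run(
        [sys.executable, "-c", code],
        extra_groups=extra_groups, capture_output=True, text=True, check=True,
    ).stdout.split()
    return [int(g) for g in out[1:]], int(out[0])


def check_interpreter():
    """Return 'ok', 'leak: [...]' or 'inconclusive: ...' for this interpreter."""
    if not hasattr(os, "setgroups"):
        return "inconclusive: no setgroups() on this platform"
    if not set(os.getgroups()) - {os.getegid()}:
        # Nothing to inherit, so a leak could not be observed either way.
        return "inconclusive: parent has no supplementary groups"
    try:
        child, egid = probe_child([])
    except PermissionError:
        # setgroups() was attempted in the child but this process lacks the
        # privilege to change groups; the empty list was at least not ignored.
        return "inconclusive: setgroups() attempted but not permitted"
    leaked = leaked_groups([], child, egid)
    return f"leak: {leaked}" if leaked else "ok"


if __name__ == "__main__":
    print(check_interpreter())
```

Run it under the same account and interpreter as the service that launches subprocesses; a "leak" result means the empty list was ignored and the child kept the parent's groups.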
