CVE-2013-1888
Description
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
Risk Information
Base Score
6.2
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.085
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2013-1629,CVE-2013-1888 are fixed in Python-pip 1.3 | Windows |
| Python39 update (ELSA-2023-7034) python39-3.9.18-1.module+el8.9.0+90071+8dc52a4f.x86_64.rpm | Linux |
| Python39-PyMySQL update (ELSA-2023-7034) python39-PyMySQL-0.10.1-2.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-cffi update (ELSA-2023-7034) python39-cffi-1.14.3-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-chardet update (ELSA-2023-7034) python39-chardet-3.0.4-19.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-cryptography update (ELSA-2023-7034) python39-cryptography-3.3.1-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-devel update (ELSA-2023-7034) python39-devel-3.9.18-1.module+el8.9.0+90071+8dc52a4f.x86_64.rpm | Linux |
| Python39-idle update (ELSA-2023-7034) python39-idle-3.9.18-1.module+el8.9.0+90071+8dc52a4f.x86_64.rpm | Linux |
| Python39-idna update (ELSA-2023-7034) python39-idna-2.10-3.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-libs update (ELSA-2023-7034) python39-libs-3.9.18-1.module+el8.9.0+90071+8dc52a4f.x86_64.rpm | Linux |
| Python39-lxml update (ELSA-2023-7034) python39-lxml-4.6.5-1.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-mod_wsgi update (ELSA-2023-7034) python39-mod_wsgi-4.7.1-7.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-numpy update (ELSA-2023-7034) python39-numpy-1.19.4-3.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-numpy-doc update (ELSA-2023-7034) python39-numpy-doc-1.19.4-3.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-numpy-f2py update (ELSA-2023-7034) python39-numpy-f2py-1.19.4-3.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-pip update (ELSA-2023-7034) python39-pip-20.2.4-8.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-pip-wheel update (ELSA-2023-7034) python39-pip-wheel-20.2.4-8.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-ply update (ELSA-2023-7034) python39-ply-3.11-10.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-psutil update (ELSA-2023-7034) python39-psutil-5.8.0-4.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-psycopg2 update (ELSA-2023-7034) python39-psycopg2-2.8.6-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-psycopg2-doc update (ELSA-2023-7034) python39-psycopg2-doc-2.8.6-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-psycopg2-tests update (ELSA-2023-7034) python39-psycopg2-tests-2.8.6-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-pycparser update (ELSA-2023-7034) python39-pycparser-2.20-3.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-pysocks update (ELSA-2023-7034) python39-pysocks-1.7.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-pyyaml update (ELSA-2023-7034) python39-pyyaml-5.4.1-1.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-requests update (ELSA-2023-7034) python39-requests-2.25.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-rpm-macros update (ELSA-2023-7034) python39-rpm-macros-3.9.18-1.module+el8.9.0+90071+8dc52a4f.noarch.rpm | Linux |
| Python39-scipy update (ELSA-2023-7034) python39-scipy-1.5.4-5.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-setuptools update (ELSA-2023-7034) python39-setuptools-50.3.2-4.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-setuptools-wheel update (ELSA-2023-7034) python39-setuptools-wheel-50.3.2-4.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-six update (ELSA-2023-7034) python39-six-1.15.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-test update (ELSA-2023-7034) python39-test-3.9.18-1.module+el8.9.0+90071+8dc52a4f.x86_64.rpm | Linux |
| Python39-tkinter update (ELSA-2023-7034) python39-tkinter-3.9.18-1.module+el8.9.0+90071+8dc52a4f.x86_64.rpm | Linux |
| Python39-toml update (ELSA-2023-7034) python39-toml-0.10.1-5.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-urllib3 update (ELSA-2023-7034) python39-urllib3-1.25.10-4.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-wheel update (ELSA-2023-7034) python39-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-wheel-wheel update (ELSA-2023-7034) python39-wheel-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Vulnerabilities CVE-2013-1629,CVE-2013-1888 are fixed in Python-pip for linux 1.3 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234