CVE-2023-3972 : A vulnerability was found in insights-client. This security issue occurs because

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).

Published 2023-11-01 16:15:09

Updated 2024-07-03 01:41:03

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2023-3972

Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Scientific Computing » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian Eus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian Eus » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian Eus » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Big Endian » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems Eus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems Eus » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems Eus » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems Eus » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Aus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Update Services For Sap Solutions » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.1
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 Eus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 Eus » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 Eus » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 Eus » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Insights-client
Versions before (<) 3.2.2
cpe:2.3:a:redhat:insights-client:*:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Update Services For Sap Solutions » Version: 8.1
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Update Services For Sap Solutions » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Update Services For Sap Solutions » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Update Services For Sap Solutions » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Update Services For Sap Solutions » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-3972

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-3972

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	Red Hat, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	N/A	N/A	RedHat-CVE-2023-3972
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-3972

CWE-379 Creation of Temporary File in Directory with Insecure Permissions

The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- secalert@redhat.com (Secondary)
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-3972

https://access.redhat.com/security/cve/CVE-2023-3972

CVE-2023-3972- Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6811

RHSA-2023:6811 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6798

RHSA-2023:6798 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6284

RHSA-2023:6284 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6283

RHSA-2023:6283 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://github.com/RedHatInsights/insights-core/pull/3878

feat: improve temp directories by ahitacat · Pull Request #3878 · RedHatInsights/insights-core · GitHub
Patch
https://access.redhat.com/errata/RHSA-2023:6795

RHSA-2023:6795 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6264

RHSA-2023:6264 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6282

RHSA-2023:6282 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6796

RHSA-2023:6796 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2227027

2227027 – (CVE-2023-3972) CVE-2023-3972 insights-client: unsafe handling of temporary files and directories
Issue Tracking;Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-3972

Products affected by CVE-2023-3972

Exploit prediction scoring system (EPSS) score for CVE-2023-3972

CVSS scores for CVE-2023-3972

CWE ids for CVE-2023-3972

References for CVE-2023-3972