What is CVE-2023-3972?

CVE-2023-3972 is a high-severity vulnerability in Red Hat Enterprise Linux 6, classified under Creation of Temporary File in Directory with Insecure Permissions. CVSS score: 7.8/10. Published 2023-11-01.

How severe is CVE-2023-3972?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Red Hat Enterprise Linux 6

CVE-2023-3972

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been…

EPSS: 0.000 (0.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7 — versions 0:3.1.9-1.el7_9
Red Hat Enterprise Linux 8 — versions 0:3.2.2-1.el8_8
Red Hat Enterprise Linux 8.1 Update Services For Sap Solutions — versions 0:3.2.3-1.el8_1
Red Hat Enterprise Linux 8.2 Advanced Update Support — versions 0:3.2.3-1.el8_2
Red Hat Enterprise Linux 8.2 Telecommunications Update Service — versions 0:3.2.3-1.el8_2
Red Hat Enterprise Linux 8.2 Update Services For Sap Solutions — versions 0:3.2.3-1.el8_2
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support — versions 0:3.2.3-1.el8_4
Red Hat Enterprise Linux 8.4 Telecommunications Update Service — versions 0:3.2.3-1.el8_4
Red Hat Enterprise Linux 8.4 Update Services For Sap Solutions — versions 0:3.2.3-1.el8_4

Weakness classification (CWE)

CWE-379 — Creation of Temporary File in Directory with Insecure Permissions

References

RHSA-2023:6264 (vendor-advisory, x_refsource_REDHAT)
RHSA-2023:6282 (vendor-advisory, x_refsource_REDHAT)
RHSA-2023:6283 (vendor-advisory, x_refsource_REDHAT)
RHSA-2023:6284 (vendor-advisory, x_refsource_REDHAT)
RHSA-2023:6795 (vendor-advisory, x_refsource_REDHAT)
RHSA-2023:6796 (vendor-advisory, x_refsource_REDHAT)
RHSA-2023:6798 (vendor-advisory, x_refsource_REDHAT)
RHSA-2023:6811 (vendor-advisory, x_refsource_REDHAT)
access.redhat.com/security/cve/CVE-2023-3972 (vdb-entry, x_refsource_REDHAT)
RHBZ#2227027 (issue-tracking, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2023-3972?: CVE-2023-3972 is a high-severity vulnerability in Red Hat Enterprise Linux 6, classified under Creation of Temporary File in Directory with Insecure Permissions. CVSS score: 7.8/10. Published 2023-11-01.
How severe is CVE-2023-3972?: High severity. CVSS v3 base score is 7.8 out of 10.