๐Ÿ” CVE Alert

CVE-2023-3972

HIGH 7.8

Insights-client: unsafe handling of temporary files and directories

CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
1th

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).

CWE CWE-379
Vendor red hat
Product red hat enterprise linux 7
Published Nov 1, 2023
Last Updated Apr 6, 2026
Stay Ahead of the Next One

Get instant alerts for red hat red hat enterprise linux 7

Be the first to know when new high vulnerabilities affecting red hat red hat enterprise linux 7 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Red Hat / Red Hat Enterprise Linux 7
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9.0 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 6
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6264 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6282 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6283 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6284 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6795 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6796 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6798 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6811 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-3972 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2227027 github.com: https://github.com/RedHatInsights/insights-core/pull/3878

Credits

This issue was discovered by Alasdair Kergon (Red Hat) and Pavel Odvody (Red Hat).