Closed ishwaryaaaaaaaaaaa closed 1 month ago
| CVE | Risk Score | Custom Score | Priority | Remarks |
|---|---|---|---|---|
| CVE-2022-26488 | 25 | 0 | Priority 3 | Score has changed to 25. |

| CVE | Risk Score | Custom Score | Priority | Remarks |
|---|---|---|---|---|
| CVE-2022-26488 | 29 | 0 | Priority 3 | Score has changed to 29. |
Impacted component: us.icr.io/bravoapps/allegroapp-scoring
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Description
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.
Additional details
CVE-2022-26488 is a vulnerability in Python's installation process on Windows. It allows local users to gain privileges by manipulating the system's search path. The vulnerability arises from the installer's failure to properly secure the search path, which lets a local attacker add user-writable directories to the system search path. It can be exploited when an administrator has installed Python for all users and enabled PATH entries: a non-administrative user can then trigger a repair that incorrectly adds user-writable paths into PATH, allowing search-path hijacking of other users and system services. The vulnerability affects Python through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. To mitigate it, users should update their Python installations to version 3.10.3 or later. Additionally, administrators should ensure that the system search path is properly secured and that user-writable directories are not included in the PATH environment variable.
Recommended mitigation
The mitigation for CVE-2022-26488 involves ensuring that the Python installation is properly secured and configured to prevent search-path hijacking. Here are some steps to mitigate this vulnerability:

1. Update Python: Ensure that you are running the latest version of Python, which includes the fix for this vulnerability. As of the time of writing, the affected versions are Python through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. Updating to a newer version will resolve the issue.
2. Secure the installation: When installing Python, select the option to install for the current user only, rather than for all users. This prevents the installer from adding user-writable directories to the system search path.
3. Review and remove unnecessary PATH entries: Check the system's PATH environment variable and remove any user-writable directories that may have been added. This can be done by editing the system's environment variables or through the Windows System Properties dialog.
4. Use a secure installation location: When installing Python, choose a secure location for the installation, such as a directory that is not writable by non-administrative users.
5. Monitor system changes: Regularly monitor the system for changes to the PATH environment variable or to the installation location of Python. This helps detect attempts to exploit this vulnerability.
6. Implement least privilege: Ensure that users run with the least privileges necessary to perform their tasks. This limits what an attacker can gain by exploiting this vulnerability.
7. Use a secure package manager: When installing Python packages, use a secure package manager like pip, which can help prevent the installation of malicious packages.

By following these mitigation steps, you can help prevent the exploitation of CVE-2022-26488 and ensure the security of your Python installation.
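One way to carry out steps 3 and 5 above (auditing the machine-wide PATH for entries that non-administrative users can write to, or that no longer exist), as an added PowerShell example that is not part of the original issue or of CPython. The list of low-privilege principals and the rights mask are assumptions; adjust them to local group policy.

```powershell
# Added example (not from the original issue): audit the machine-wide PATH for
# directories that low-privilege principals can write to. Assumes Windows
# PowerShell 5.1 or later and an account allowed to read the directory ACLs.

# Principals treated as low-privilege (assumption; extend for local groups).
$LowPrivPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'Everyone'
)

# Rights that allow creating or replacing a file inside the directory.
$WriteMask = [int]([System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
                   [System.Security.AccessControl.FileSystemRights]::Write -bor
                   [System.Security.AccessControl.FileSystemRights]::Modify -bor
                   [System.Security.AccessControl.FileSystemRights]::FullControl)

function Test-LowPrivWritable {
    param([Parameter(Mandatory)][string]$Directory)
    $acl = Get-Acl -LiteralPath $Directory -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        # Cast to int so generic-right bits in the ACE do not break the mask test.
        if (([int]$ace.FileSystemRights -band $WriteMask) -ne 0) { return $true }
    }
    return $false
}

# The machine (system-wide) PATH is the value the installer's repair step extends.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')

foreach ($entry in ($machinePath -split ';' | Where-Object { $_.Trim() -ne '' })) {
    $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim())
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # Dangling entry: remove it rather than leave a slot a user could fill.
        Write-Output "MISSING  $dir"
        continue
    }
    try {
        if (Test-LowPrivWritable -Directory $dir) {
            Write-Output "WRITABLE $dir"   # candidate for search-path hijacking
        } else {
            Write-Output "ok       $dir"
        }
    } catch {
        Write-Output "UNREADABLE $dir ($($_.Exception.Message))"
    }
}
```

Run it from an elevated prompt after a Python repair or upgrade, and treat any WRITABLE or MISSING line as a PATH entry to remove or re-permission.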