Description
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.
Exploits (1)
Scores
CVSS v3
7.0
EPSS
0.0135
EPSS Percentile
80.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (4)
netapp/active_iq_unified_manager
netapp/ontap_select_deploy_administration_utility
python/python
3.11.0 alpha1 (6 CPE variants)
python/python
< 3.7.12
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026