CVE-2020-15801 – This vulnerability in Python 3.8.4 allows attac... (How to Fix)

Q: What is the severity of CVE-2020-15801?

CVE-2020-15801 has a CVSS score of 9.8 (CRITICAL). This vulnerability in Python 3.8.4 allows attackers to bypass sys.path restrictions specified in python38._pth files, enabling code execution from arbitrary locations. This affects systems running Python 3.8.4 where python38._pth files are used to restrict module loading paths. The vulnerability does not affect the standard python._pth file.

📋 TL;DR

This vulnerability in Python 3.8.4 allows attackers to bypass sys.path restrictions specified in python38._pth files, enabling code execution from arbitrary locations. This affects systems running Python 3.8.4 where python38._pth files are used to restrict module loading paths. The vulnerability does not affect the standard python._pth file.

💻 Affected Systems

Products:

Python

Versions: Python 3.8.4 only

Operating Systems: All platforms running Python 3.8.4

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when python38._pth file is present and used for path restrictions. Standard python._pth files are not affected.

📦 What is this software?

Max Data by Netapp

View all CVEs affecting Max Data →

Python by Python

Python is a high-level, interpreted programming language known for its readability and versatility. It is widely used in web development, data science, automation, and scientific computing.

Learn more about Python →

Python by Python

Python is a high-level, interpreted programming language known for its readability and versatility. It is widely used in web development, data science, automation, and scientific computing.

Learn more about Python →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠

Likely Case

Local privilege escalation or unauthorized code execution by users with access to place files in arbitrary locations.

🟢

If Mitigated

Limited impact if proper file permissions and execution controls prevent unauthorized file placement.

🌐 Internet-Facing: MEDIUM - Requires ability to place files on target system, but web applications could be vulnerable if they allow file uploads.

🏢 Internal Only: HIGH - Internal users with file write access could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires ability to place files in arbitrary locations on the target system. Proof of concept available in Python bug tracker.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Python 3.8.5 and later

Vendor Advisory: https://bugs.python.org/issue41304

Restart Required: Yes

Instructions:

1. Upgrade Python to version 3.8.5 or later. 2. Replace python38._pth files with python._pth files if using path restrictions. 3. Restart affected Python processes.

🔧 Temporary Workarounds

Replace python38._pth with python._pth

all

Rename or replace python38._pth files with python._pth files to use the unaffected path restriction mechanism.

mv python38._pth python._pth

Remove python38._pth files

all

Delete python38._pth files if path restrictions are not critical for your use case.

rm python38._pth

🧯 If You Can't Patch

Implement strict file permissions to prevent unauthorized users from placing files in arbitrary locations.
Use application whitelisting to restrict which Python scripts can execute on the system.

🔍 How to Verify

Check if Vulnerable:

Check if Python 3.8.4 is installed and if python38._pth files exist in Python installation directories.

Check Version:

python --version

Verify Fix Applied:

Verify Python version is 3.8.5 or later, and ensure python38._pth files have been removed or replaced.

📡 Detection & Monitoring

Log Indicators:

Unexpected Python module loads from non-standard paths
Creation or modification of python38._pth files

Network Indicators:

Unusual outbound connections from Python processes

SIEM Query:

Process creation where command line contains 'python' AND file path contains unusual directories

📊 Metadata

CVE ID: CVE-2020-15801

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-426

Published: July 17, 2020

Last Updated: November 21, 2024

🔗 References

https://bugs.python.org/issue41304 Issue Tracking,Patch,Vendor Advisory
https://github.com/python/cpython/pull/21495 Patch,Vendor Advisory
https://security.netapp.com/advisory/ntap-20200731-0003/ Third Party Advisory
https://bugs.python.org/issue41304 Issue Tracking,Patch,Vendor Advisory
https://github.com/python/cpython/pull/21495 Patch,Vendor Advisory
https://security.netapp.com/advisory/ntap-20200731-0003/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-15801, you might also want to check these: