VDB

RHSA-2025%3A0646

RHSA-2025%3A0646 PUBLISHED CVSS 7.800000190734863 HIGH

A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-network-interface-bond-cni-rhel8@sha256:e160e2495dcce1f196b3c53e91addfe4b5daaaf1df22330ecef73216da0c6677_s390x as a component of Red Hat OpenShift Container Platform 4.15*
Red Hatopenshift4/ose-baremetal-installer-rhel8@sha256:0854ae01228c166a9570c480e0499aef3088a8f0eacb7e04f24bf8ea8cd851ea_ppc64le as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-baremetal-installer-rhel8@sha256:0854ae01228c166a9570c480e0499aef3088a8f0eacb7e04f24bf8ea8cd851ea_ppc64le
Red Hatopenshift4/ose-insights-rhel9-operator@sha256:2b9d9b2a76a9bb5c7e1bfdd8aa630a8d290c4b97d491f827e218210a8eb0ae85_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatopenshift4/ose-insights-rhel9-operator@sha256:45a709ad050f5e2f9e181cea5bc1a806a9e1eadfea9323f2ad9d3b3aaeb3e1be_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatopenshift4/ose-installer-altinfra-rhel8@sha256:db458a7066aea602497ac8ecf5de19b0fc0b70c1802527e92793124abf555509_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatopenshift4/ose-operator-lifecycle-manager-rhel9@sha256:4b11bb4b7da75ab1dca818dcb1f59c6e0cef5c8c8f9bea2af4e353942ad91f29_amd64 as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-operator-lifecycle-manager-rhel9@sha256:4b11bb4b7da75ab1dca818dcb1f59c6e0cef5c8c8f9bea2af4e353942ad91f29_amd64
Red Hatopenshift4/kube-metrics-server-rhel8@sha256:6b68a4af68954611f50365a7013822aab866f765b22adc1aab3a66f0219b26bd_s390x as a component of Red Hat OpenShift Container Platform 4.15openshift4/kube-metrics-server-rhel8@sha256:6b68a4af68954611f50365a7013822aab866f765b22adc1aab3a66f0219b26bd_s390x
Red Hatopenshift4/ose-agent-installer-orchestrator-rhel8@sha256:4c7eed9b99650cd27ec1f3f659981190afc7918e3a28f4709c0d290d267eac72_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatopenshift4/ose-csi-external-provisioner@sha256:5defe4e2720a57900cb1b173e50a89e08d82b32d87a93dc04ef1514c2a53af24_ppc64le as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-csi-external-provisioner@sha256:5defe4e2720a57900cb1b173e50a89e08d82b32d87a93dc04ef1514c2a53af24_ppc64le
Red Hatopenshift4/ose-installer-artifacts@sha256:8f4b5eae09172c1579a9500a4d1d848ee0d10a59e3b612826b06cbe60d654288_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatopenshift4/ose-openstack-cluster-api-controllers-rhel8@sha256:b30743a63c92650ae60c91db4be383a8a6f9c69859abbffdf7d3553acc16a155_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatopenshift4/ose-image-customization-controller-rhel8@sha256:6f6262ee63a6fa47cac5f47a9a33068792df7b93cb32bd3aaf1192959ef7a3d8_arm64 as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-image-customization-controller-rhel8@sha256:6f6262ee63a6fa47cac5f47a9a33068792df7b93cb32bd3aaf1192959ef7a3d8_arm64
Red Hatopenshift4/ose-deployer@sha256:fda19a2b12e15f8f90573df25d8fae18331aeb0857a8da27d22ec1d87ce9b11c_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatopenshift4/ose-ironic-machine-os-downloader-rhel9@sha256:835d837507cc6f1427a4cfaf2c6c569f45296e587a9229c78d19ccc462dfef05_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatopenshift4/ose-ironic-machine-os-downloader-rhel9@sha256:13cb5aed76279fba1a8e69115c9e6d40aec6464ec10813776bd2a21a74a405b3_arm64 as a component of Red Hat OpenShift Container Platform 4.15*
Red Hatopenshift4/ose-must-gather@sha256:fbe35d0aa9283d02af53b40fb143dc7adbfbb0b762e92c7d3894cf2c6283f612_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatopenshift4/ose-olm-rukpak-rhel8@sha256:db12b2242984c3532be1a43749f2c4ccee7f49733c39e981dd09ee2e619b4304_ppc64le as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-olm-rukpak-rhel8@sha256:db12b2242984c3532be1a43749f2c4ccee7f49733c39e981dd09ee2e619b4304_ppc64le
Red Hatopenshift4/ose-hypershift-rhel9@sha256:5dc7f2e5d2687145263d28b72614b21b0390e14f656b51fffc0fa0e2f6718b8b_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatopenshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:5d6fabdbf12999fd56a928b7127f3afc2c3830499a4cf3e8311922e6b23369a9_amd64 as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:5d6fabdbf12999fd56a928b7127f3afc2c3830499a4cf3e8311922e6b23369a9_amd64
Red Hatopenshift4/ose-network-interface-bond-cni-rhel8@sha256:e160e2495dcce1f196b3c53e91addfe4b5daaaf1df22330ecef73216da0c6677_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *

…and 512 more

Timeline

  • Jan 29, 2025 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Jul 5, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›