VDB
RHSA-2025%3A0646
RHSA-2025%3A0646
PUBLISHED
CVSS 7.800000190734863 HIGH
A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-network-interface-bond-cni-rhel8@sha256:e160e2495dcce1f196b3c53e91addfe4b5daaaf1df22330ecef73216da0c6677_s390x as a component of Red Hat OpenShift Container Platform 4.15 | * |
| Red Hat | openshift4/ose-baremetal-installer-rhel8@sha256:0854ae01228c166a9570c480e0499aef3088a8f0eacb7e04f24bf8ea8cd851ea_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-baremetal-installer-rhel8@sha256:0854ae01228c166a9570c480e0499aef3088a8f0eacb7e04f24bf8ea8cd851ea_ppc64le |
| Red Hat | openshift4/ose-insights-rhel9-operator@sha256:2b9d9b2a76a9bb5c7e1bfdd8aa630a8d290c4b97d491f827e218210a8eb0ae85_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | openshift4/ose-insights-rhel9-operator@sha256:45a709ad050f5e2f9e181cea5bc1a806a9e1eadfea9323f2ad9d3b3aaeb3e1be_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | openshift4/ose-installer-altinfra-rhel8@sha256:db458a7066aea602497ac8ecf5de19b0fc0b70c1802527e92793124abf555509_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | openshift4/ose-operator-lifecycle-manager-rhel9@sha256:4b11bb4b7da75ab1dca818dcb1f59c6e0cef5c8c8f9bea2af4e353942ad91f29_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-operator-lifecycle-manager-rhel9@sha256:4b11bb4b7da75ab1dca818dcb1f59c6e0cef5c8c8f9bea2af4e353942ad91f29_amd64 |
| Red Hat | openshift4/kube-metrics-server-rhel8@sha256:6b68a4af68954611f50365a7013822aab866f765b22adc1aab3a66f0219b26bd_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/kube-metrics-server-rhel8@sha256:6b68a4af68954611f50365a7013822aab866f765b22adc1aab3a66f0219b26bd_s390x |
| Red Hat | openshift4/ose-agent-installer-orchestrator-rhel8@sha256:4c7eed9b99650cd27ec1f3f659981190afc7918e3a28f4709c0d290d267eac72_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | openshift4/ose-csi-external-provisioner@sha256:5defe4e2720a57900cb1b173e50a89e08d82b32d87a93dc04ef1514c2a53af24_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-csi-external-provisioner@sha256:5defe4e2720a57900cb1b173e50a89e08d82b32d87a93dc04ef1514c2a53af24_ppc64le |
| Red Hat | openshift4/ose-installer-artifacts@sha256:8f4b5eae09172c1579a9500a4d1d848ee0d10a59e3b612826b06cbe60d654288_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | openshift4/ose-openstack-cluster-api-controllers-rhel8@sha256:b30743a63c92650ae60c91db4be383a8a6f9c69859abbffdf7d3553acc16a155_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | openshift4/ose-image-customization-controller-rhel8@sha256:6f6262ee63a6fa47cac5f47a9a33068792df7b93cb32bd3aaf1192959ef7a3d8_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-image-customization-controller-rhel8@sha256:6f6262ee63a6fa47cac5f47a9a33068792df7b93cb32bd3aaf1192959ef7a3d8_arm64 |
| Red Hat | openshift4/ose-deployer@sha256:fda19a2b12e15f8f90573df25d8fae18331aeb0857a8da27d22ec1d87ce9b11c_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:835d837507cc6f1427a4cfaf2c6c569f45296e587a9229c78d19ccc462dfef05_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:13cb5aed76279fba1a8e69115c9e6d40aec6464ec10813776bd2a21a74a405b3_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | * |
| Red Hat | openshift4/ose-must-gather@sha256:fbe35d0aa9283d02af53b40fb143dc7adbfbb0b762e92c7d3894cf2c6283f612_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | openshift4/ose-olm-rukpak-rhel8@sha256:db12b2242984c3532be1a43749f2c4ccee7f49733c39e981dd09ee2e619b4304_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-olm-rukpak-rhel8@sha256:db12b2242984c3532be1a43749f2c4ccee7f49733c39e981dd09ee2e619b4304_ppc64le |
| Red Hat | openshift4/ose-hypershift-rhel9@sha256:5dc7f2e5d2687145263d28b72614b21b0390e14f656b51fffc0fa0e2f6718b8b_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:5d6fabdbf12999fd56a928b7127f3afc2c3830499a4cf3e8311922e6b23369a9_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:5d6fabdbf12999fd56a928b7127f3afc2c3830499a4cf3e8311922e6b23369a9_amd64 |
| Red Hat | openshift4/ose-network-interface-bond-cni-rhel8@sha256:e160e2495dcce1f196b3c53e91addfe4b5daaaf1df22330ecef73216da0c6677_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
…and 512 more
Timeline
- Jan 29, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jul 5, 2026 CVE Updated
References
- https://go.dev/issue/70906 advisory
- https://access.redhat.com/errata/RHSA-2025:0646 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2276518 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2333122 issue
- https://issues.redhat.com/browse/OCPBUGS-36247 advisory
- https://issues.redhat.com/browse/OCPBUGS-44259 advisory
- https://issues.redhat.com/browse/OCPBUGS-44708 advisory
- https://issues.redhat.com/browse/OCPBUGS-46389 advisory
- https://issues.redhat.com/browse/OCPBUGS-47633 advisory
- https://issues.redhat.com/browse/OCPBUGS-47756 advisory
- https://issues.redhat.com/browse/OCPBUGS-47799 advisory
- https://issues.redhat.com/browse/OCPBUGS-48048 advisory
- https://issues.redhat.com/browse/OCPBUGS-48062 advisory
- https://issues.redhat.com/browse/OCPBUGS-48207 advisory
- https://issues.redhat.com/browse/OCPBUGS-48280 advisory
- https://issues.redhat.com/browse/OCPBUGS-48281 advisory
- https://issues.redhat.com/browse/OCPBUGS-48298 advisory
- https://issues.redhat.com/browse/OCPBUGS-48545 advisory
- https://issues.redhat.com/browse/OCPBUGS-48551 advisory
…and 10 more