VDB

RHSA-2025%3A14820

RHSA-2025%3A14820 PUBLISHED CVSS 7.099999904632568 HIGH

A flaw was found in glog, a logging library. This vulnerability allows an unprivileged attacker to overwrite sensitive files via a symbolic link planted in a widely writable directory, exploiting the log file path predictability.

Risk Scores

CVSS 3.0
7.099999904632568
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/openshift4/ose-olm-catalogd-rhel9@sha256:7a47962332e766025b3ae9e0d049a0c7b2c8312ff696a6f81645fcfe9b1e2f0e_amd64 as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/ose-olm-catalogd-rhel9@sha256:7a47962332e766025b3ae9e0d049a0c7b2c8312ff696a6f81645fcfe9b1e2f0e_amd64, registry.redhat.io/openshift4/ose-olm-catalogd-rhel9@sha256:7a47962332e766025b3ae9e0d049a0c7b2c8312ff696a6f81645fcfe9b1e2f0e_amd64, registry.redhat.io/openshift4/ose-olm-catalogd-rhel9@sha256:7a47962332e766025b3ae9e0d049a0c7b2c8312ff696a6f81645fcfe9b1e2f0e_amd64
Red Hatregistry.redhat.io/openshift4/ose-machine-os-images-rhel9@sha256:3c67e68d8207eb0dca7c215e35c88d93654dcc859c5c7baff188ff8e270421ee_ppc64le as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/ose-machine-os-images-rhel9@sha256:3c67e68d8207eb0dca7c215e35c88d93654dcc859c5c7baff188ff8e270421ee_ppc64le, registry.redhat.io/openshift4/ose-machine-os-images-rhel9@sha256:3c67e68d8207eb0dca7c215e35c88d93654dcc859c5c7baff188ff8e270421ee_ppc64le, registry.redhat.io/openshift4/ose-machine-os-images-rhel9@sha256:3c67e68d8207eb0dca7c215e35c88d93654dcc859c5c7baff188ff8e270421ee_ppc64le
Red Hatregistry.redhat.io/openshift4/ose-operator-marketplace-rhel9@sha256:8a497a70c08c1a1c142e902acbb2b9ec6df6e4d32b3b24c9aa982aae96f089d5_ppc64le as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/ose-operator-marketplace-rhel9@sha256:8a497a70c08c1a1c142e902acbb2b9ec6df6e4d32b3b24c9aa982aae96f089d5_ppc64le, registry.redhat.io/openshift4/ose-operator-marketplace-rhel9@sha256:8a497a70c08c1a1c142e902acbb2b9ec6df6e4d32b3b24c9aa982aae96f089d5_ppc64le, *
Red Hatregistry.redhat.io/openshift4/network-tools-rhel9@sha256:0ce0b2ec869723bf1ef0193a2f70f469556c363a88d41baea4c625c615cdea52_ppc64le as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/network-tools-rhel9@sha256:0ce0b2ec869723bf1ef0193a2f70f469556c363a88d41baea4c625c615cdea52_ppc64le, registry.redhat.io/openshift4/network-tools-rhel9@sha256:0ce0b2ec869723bf1ef0193a2f70f469556c363a88d41baea4c625c615cdea52_ppc64le, registry.redhat.io/openshift4/network-tools-rhel9@sha256:0ce0b2ec869723bf1ef0193a2f70f469556c363a88d41baea4c625c615cdea52_ppc64le
Red Hatregistry.redhat.io/openshift4/ose-azure-disk-csi-driver-rhel9-operator@sha256:cd6b2a09c10ff8313b6e7772d129f610a401f44f7e2e033dd77de91961165b2a_amd64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-ironic-rhel9@sha256:172d6b24902b13c6493ee1dee5aff4e474b16a982500927c2b6634b049e34294_amd64 as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/ose-ironic-rhel9@sha256:172d6b24902b13c6493ee1dee5aff4e474b16a982500927c2b6634b049e34294_amd64, *, *
Red Hatregistry.redhat.io/openshift4/kubevirt-csi-driver-rhel9@sha256:d0d505849fda4b640ea95bdd96fa11b2257ad3f480045cbbe41c78bdf52aba4c_ppc64le as a component of Red Hat OpenShift Container Platform 4.18*, registry.redhat.io/openshift4/kubevirt-csi-driver-rhel9@sha256:d0d505849fda4b640ea95bdd96fa11b2257ad3f480045cbbe41c78bdf52aba4c_ppc64le, registry.redhat.io/openshift4/kubevirt-csi-driver-rhel9@sha256:d0d505849fda4b640ea95bdd96fa11b2257ad3f480045cbbe41c78bdf52aba4c_ppc64le
Red Hatregistry.redhat.io/openshift4/ose-keepalived-ipfailover-rhel9@sha256:dbb088683a748bca1691afc439d012e00e782744a059c9cddf62e5ed1447455f_amd64 as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/ose-keepalived-ipfailover-rhel9@sha256:dbb088683a748bca1691afc439d012e00e782744a059c9cddf62e5ed1447455f_amd64, registry.redhat.io/openshift4/ose-keepalived-ipfailover-rhel9@sha256:dbb088683a748bca1691afc439d012e00e782744a059c9cddf62e5ed1447455f_amd64, *
Red Hatregistry.redhat.io/openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:8cc048e598f49262341608d9326559432b12519b2108b232c0a88eca7a82fdcd_s390x as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:8cc048e598f49262341608d9326559432b12519b2108b232c0a88eca7a82fdcd_s390x, registry.redhat.io/openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:8cc048e598f49262341608d9326559432b12519b2108b232c0a88eca7a82fdcd_s390x, registry.redhat.io/openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:8cc048e598f49262341608d9326559432b12519b2108b232c0a88eca7a82fdcd_s390x
Red Hatregistry.redhat.io/openshift4/ose-gcp-cluster-api-controllers-rhel9@sha256:53b3d183dff1cf1aec91426c1a034181f12fa5010323372e70ff1451f35343b9_ppc64le as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/ose-gcp-cluster-api-controllers-rhel9@sha256:53b3d183dff1cf1aec91426c1a034181f12fa5010323372e70ff1451f35343b9_ppc64le, registry.redhat.io/openshift4/ose-gcp-cluster-api-controllers-rhel9@sha256:53b3d183dff1cf1aec91426c1a034181f12fa5010323372e70ff1451f35343b9_ppc64le, registry.redhat.io/openshift4/ose-gcp-cluster-api-controllers-rhel9@sha256:53b3d183dff1cf1aec91426c1a034181f12fa5010323372e70ff1451f35343b9_ppc64le
Red Hatregistry.redhat.io/openshift4/ose-agent-installer-orchestrator-rhel9@sha256:d4062ae5ebeb853a210f54254e1c0e48e484458113c651871f0a1e3658aabc74_amd64 as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/ose-agent-installer-orchestrator-rhel9@sha256:d4062ae5ebeb853a210f54254e1c0e48e484458113c651871f0a1e3658aabc74_amd64, registry.redhat.io/openshift4/ose-agent-installer-orchestrator-rhel9@sha256:d4062ae5ebeb853a210f54254e1c0e48e484458113c651871f0a1e3658aabc74_amd64, registry.redhat.io/openshift4/ose-agent-installer-orchestrator-rhel9@sha256:d4062ae5ebeb853a210f54254e1c0e48e484458113c651871f0a1e3658aabc74_amd64
Red Hatregistry.redhat.io/openshift4/ose-oauth-proxy-rhel9@sha256:6e0b23bfa08aa9041309ffba013b8fbb272e8deb92d83bfe2af1f1ee94533235_s390x as a component of Red Hat OpenShift Container Platform 4.18*, registry.redhat.io/openshift4/ose-oauth-proxy-rhel9@sha256:6e0b23bfa08aa9041309ffba013b8fbb272e8deb92d83bfe2af1f1ee94533235_s390x, registry.redhat.io/openshift4/ose-oauth-proxy-rhel9@sha256:6e0b23bfa08aa9041309ffba013b8fbb272e8deb92d83bfe2af1f1ee94533235_s390x
Red Hatregistry.redhat.io/openshift4/ose-cluster-config-api-rhel9@sha256:06d52abfcd7bfb38480264aa18663973b133a4aba39f1109db3b605a81ca45f9_ppc64le as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/ose-cluster-config-api-rhel9@sha256:06d52abfcd7bfb38480264aa18663973b133a4aba39f1109db3b605a81ca45f9_ppc64le, registry.redhat.io/openshift4/ose-cluster-config-api-rhel9@sha256:06d52abfcd7bfb38480264aa18663973b133a4aba39f1109db3b605a81ca45f9_ppc64le, registry.redhat.io/openshift4/ose-cluster-config-api-rhel9@sha256:06d52abfcd7bfb38480264aa18663973b133a4aba39f1109db3b605a81ca45f9_ppc64le
Red Hatregistry.redhat.io/openshift4/ose-gcp-pd-csi-driver-operator-rhel9@sha256:a05e4f4d7b2f90f87acea8276137e789ee1f3f11913515a9adc8ffe20a612274_arm64 as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/ose-gcp-pd-csi-driver-operator-rhel9@sha256:a05e4f4d7b2f90f87acea8276137e789ee1f3f11913515a9adc8ffe20a612274_arm64, *, registry.redhat.io/openshift4/ose-gcp-pd-csi-driver-operator-rhel9@sha256:a05e4f4d7b2f90f87acea8276137e789ee1f3f11913515a9adc8ffe20a612274_arm64
Red Hatregistry.redhat.io/openshift4/ose-cluster-version-rhel9-operator@sha256:65d67c5879a5a2667a44fd70434bbfb1b5c39fce94f3bedfdac65a5d3d128fcf_ppc64le as a component of Red Hat OpenShift Container Platform 4.18*, *, registry.redhat.io/openshift4/ose-cluster-version-rhel9-operator@sha256:65d67c5879a5a2667a44fd70434bbfb1b5c39fce94f3bedfdac65a5d3d128fcf_ppc64le
Red Hatregistry.redhat.io/openshift4/ose-csi-node-driver-registrar-rhel9@sha256:720bee107d4056d6c6a2a96af5f79709e1da17c445e08adad1714f1ee8939193_arm64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-azure-cloud-controller-manager-rhel9@sha256:7da284e7d4a33a3c46922673324213de447f99dfb7cf120c5bf184816fe58387_amd64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-installer-altinfra-rhel9@sha256:e6230510f507b363ca68b4b2a1709e4245caf92adcdc7b6de7370762a69c0ac4_arm64 as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/ose-installer-altinfra-rhel9@sha256:e6230510f507b363ca68b4b2a1709e4245caf92adcdc7b6de7370762a69c0ac4_arm64, *, registry.redhat.io/openshift4/ose-installer-altinfra-rhel9@sha256:e6230510f507b363ca68b4b2a1709e4245caf92adcdc7b6de7370762a69c0ac4_arm64
Red Hatregistry.redhat.io/openshift4/egress-router-cni-rhel9@sha256:7abb53267f55b4b466a8a52c17b3660ebaa7e4ddfb4da0068a7a59f1c6d8e9b8_s390x as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/egress-router-cni-rhel9@sha256:7abb53267f55b4b466a8a52c17b3660ebaa7e4ddfb4da0068a7a59f1c6d8e9b8_s390x, *, registry.redhat.io/openshift4/egress-router-cni-rhel9@sha256:7abb53267f55b4b466a8a52c17b3660ebaa7e4ddfb4da0068a7a59f1c6d8e9b8_s390x
Red Hatregistry.redhat.io/openshift4/ose-csi-node-driver-registrar-rhel9@sha256:720bee107d4056d6c6a2a96af5f79709e1da17c445e08adad1714f1ee8939193_arm64 as a component of Red Hat OpenShift Container Platform 4.18registry.redhat.io/openshift4/ose-csi-node-driver-registrar-rhel9@sha256:720bee107d4056d6c6a2a96af5f79709e1da17c445e08adad1714f1ee8939193_arm64, registry.redhat.io/openshift4/ose-csi-node-driver-registrar-rhel9@sha256:720bee107d4056d6c6a2a96af5f79709e1da17c445e08adad1714f1ee8939193_arm64, *

…and 1289 more

Timeline

  • Sep 4, 2025 CVE Published
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Jun 18, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›