Описание
pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.
A flaw was found in pytest. This vulnerability allows local users to exploit insecure temporary directory handling, specifically the reliance on predictable directory names in /tmp/pytest-of-{user}. An attacker can leverage this to cause a denial of service (DoS) or potentially gain elevated privileges on the system.
Отчет
This vulnerability is rated Moderate for Red Hat products. The flaw in pytest allows a local attacker to cause a denial of service or potentially gain privileges by manipulating temporary directories in /tmp. This primarily affects systems where pytest is installed and executed by local users.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 2 | openshift-service-mesh/grafana-rhel8 | Fix deferred | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-cni-rhel8 | Fix deferred | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-must-gather-rhel9 | Fix deferred | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-operator-bundle | Fix deferred | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-rhel8-operator | Fix deferred | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/pilot-rhel8 | Fix deferred | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/proxyv2-rhel9 | Fix deferred | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/ratelimit-rhel8 | Fix deferred | ||
| Red Hat AI Inference Server | rhaiis/vllm-rocm-rhel9 | Fix deferred | ||
| Red Hat AI Inference Server | rhaiis/vllm-spyre-rhel9 | Fix deferred |
Показывать по
Дополнительная информация
Статус:
6.8 Medium
CVSS3
Связанные уязвимости
pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.
pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.
pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytes ...
pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.
6.8 Medium
CVSS3