Lucene search
K

4 matches found

Chainguard
Chainguard
added 2026/04/25 1:17 a.m.10 views

CVE-2025-41118 vulnerabilities

Vulnerabilities for packages: grafana-pyroscope...

9.1CVSS5.1AI score0.00406EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/15 7:15 p.m.6 views

CVE-2025-41118 Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...

9.1CVSS5.8AI score0.00406EPSS
Exploits0References1
OSV
OSV
added 2026/04/15 7:15 p.m.3 views

CVE-2025-41118 Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...

9.1CVSS7.1AI score0.00406EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/26 9:39 p.m.3 views

CVE-2026-28377 S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint (CVE-2025-41118 Pattern)

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS5.9AI score0.00155EPSS
Exploits0References1
Rows per page
Query Builder