CVE-2024-52973 Kibana allocation of resources without limits or throttling leads to crash

An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/logentries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana...

PT-2025-2949 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to "/api/log entries/summary". This can be carried out by users wi...

Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.4 release

A new version of Red Hat OpenShift distributed tracing platform Tempo has been released Red Hat OpenShift distributed tracing platform based on Tempo. Tempo is an open-source, easy-to-use, and highly scalable distributed tracing backend. It provides observability for microservices architectures b...

CVE-2024-52060

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in RTI Connext Professional Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service allows Buffer Overflow via Environment Variables.This issue affects Connext...

PT-2024-35111 · Real Time Innovations · Rti Connext Professional

Name of the Vulnerable Software and Affected Versions: RTI Connext Professional versions 5.3.0 through 5.3.1.45 RTI Connext Professional versions 6.0.0 through 6.0. RTI Connext Professional versions 6.1.0 through 6.1.2.21 RTI Connext Professional versions 7.0.0 through 7.3.0.5 Description: The...

Moderate: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.4 release

A new version of Red Hat OpenShift distributed tracing platform Tempo has been released Red Hat OpenShift distributed tracing platform based on Tempo. Tempo is an open-source, easy-to-use, and highly scalable distributed tracing backend. It provides observability for microservices architectures b...

Security Bulletin: IBM Observability with Instana is vulnerable to Improper Validation of Specified Type of Input

Summary Golang Go is used by IBM Instana Observability as part of the elasticsearch-operator CVE-2024-24790 . This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various Is methods...

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 286 Vulnerability Details CVEID:CVE-2024-43382 DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting. A...

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 284 Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing HTTP/2 server push. By sending a specially...

BIT-CILIUM-OPERATOR-2024-52529 Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range AND 2. A Layer 7 allow policy that selects a specific port within the first policy's range...

BIT-CILIUM-2024-52529 Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range AND 2. A Layer 7 allow policy that selects a specific port within the first policy's range...

This Week in Spring - November 26th, 2024

This Week in Spring - November 26th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! Happy Spring Boot 3.4 release month to those who celebrate! And, also, Happy Thanksgiving to those who celebrate! Spring Boot 3.4 brings with it long-anticipated updates to the entire...

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana in build 1.285.0 Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passing of the...

PT-2025-2948 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to "/api/metrics/snapshot". This can be carried out by users with...

Let’s use OpenTelemetry with Spring

Introduction In the dynamic realm of observability, OpenTelemetry is a new set of tools that emerged from the now-deprecated OpenCensus and OpenTracing projects. When it comes to Spring Framework, Spring Boot, Spring Data, and Spring Cloud observability, mature solutions like Micrometer, the de...

BIT-GRAFANA-2023-5122 SSRF in CSV Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 283 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorre...

BIT-CILIUM-2024-47825 CIDR deny policies may not take effect when a more narrow CIDR allow is present

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than /32 may be ignored if there is a policy rule referencing a more narrow prefix CIDRSe...

Important: Red Hat Security Advisory: Network Observability 1.7.0 for OpenShift

Network Observability 1.7 for Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVE-2024-47825

CVE-2024-47825 affects Cilium's policy evaluation in versions prior to 1.14.16 and 1.15.10, where a rule denying a wide CIDR (> /32) could be ignored if a narrower rule references CIDRSet or toFQDN and uses enableDefaultDeny: false or toEntities: all. The issue is mitigated by upgrading to Cil...