Moderate: opentelemetry-collector security update
Collector with the supported components for an AlmaLinux build of OpenTelemetry. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http (CVE-2025-4673). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
RHSA-2025:15406 Red Hat Security Advisory: opentelemetry-collector security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...
Missing Authorization
Overview: io.jenkins.plugins:opentelemetry is a plugin to monitor and observe Jenkins with OpenTelemetry. Affected versions of this package are vulnerable to Missing Authorization due to the absence of a required permission check in the method implementing form validation. An attacker can access sensitive...
io.jenkins.plugins:junit-sql-storage (>=322.ve33b_238fb_757 <=324.v90e2a_a_a_a_0dd7) potentially affected by CVE-2025-58460 via io.jenkins.plugins:opentelemetry (=3.1215.vc9db_a_0b_34c2a_)
io.jenkins.plugins:opentelemetry MAVEN version =3.1215.vc9dba0b34c2a is affected by a known vulnerability. The following packages have a transitive dependency on io.jenkins.plugins:opentelemetry and may be impacted: - io.jenkins.plugins:junit-sql-storage =322.ve33b238fb757, =324.v90e2aaaa0dd7...
GHSA-F696-867G-2759 Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-58460
The CVE concerns the Jenkins OpenTelemetry Plugin (versions up to 3.1543.v8446b_92b_cd64) with a missing permission check. This allows attackers who have Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, enabling capture...
PT-2025-35782
Name of the Vulnerable Software and Affected Versions: Jenkins OpenTelemetry Plugin versions 3.1543.v8446b_92b_cd64 and earlier. Description: A missing permission check allows attackers with Overall/Read permission to connect to a URL specified by the attacker, using credentials IDs obtained throu...
Jenkins OpenTelemetry Plugin Security Vulnerability
Jenkins OpenTelemetry Plugin is an open source monitoring plugin for Jenkins. A security vulnerability exists in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and prior versions, which stems from a lack of privilege checking and could lead to credential disclosure...
Linux Distros Unpatched Vulnerability : CVE-2023-25151
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhtt...
Linux Distros Unpatched Vulnerability : CVE-2025-0495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values...
Malicious code in opentelemetry-shopify (npm)
The package opentelemetry-shopify was found to contain malicious code...
MAL-2025-28340 Malicious code in opentelemetry-shopify (npm)
The package opentelemetry-shopify was found to contain malicious code...
AlmaLinux 9 : opentelemetry-collector (ALSA-2025:12831)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:12831 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871). Tenable has extracted the preceding description block directly fr...
RHSA-2025:12850 Red Hat Security Advisory: opentelemetry-collector security update
Bulletin has no description...
RHSA-2025:12831 Red Hat Security Advisory: opentelemetry-collector security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
ALSA-2025:12850 Moderate: opentelemetry-collector security update
Collector with the supported components for an AlmaLinux build of OpenTelemetry. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...