Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/10 5:24 p.m.18 views

OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth

Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...

5.6AI score0.00017EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/10 5:24 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the bearerTokenFile field in the ServiceMonitor resource. An attacker can exfiltrate sensitive files from the pod filesystem by configuring a ServiceMonitor to reference arbitrary files and directing the scrape...

7.7CVSS5.9AI score0.00017EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 5:24 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the bearerTokenFile field in the ServiceMonitor resource. An attacker can exfiltrate sensitive files from the pod filesystem by configuring a ServiceMonitor to reference arbitrary files and directing the scrape...

7.7CVSS5.9AI score0.00017EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/26 11:2 a.m.8 views

Important: Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.9.0 release

Red Hat build of OpenTelemetry 3.9.0 has been released This release of the Red Hat build of OpenTelemetry provides new features, security improvements, and bug fixes. Breaking changes: The deprecated OpenCensus Receiver, which provided backward compatibility with the OpenCensus project for easier...

7.5CVSS7AI score0.01945EPSS
Exploits0References3
Rows per page
Query Builder