
217 matches found

RedHat Linux
added 3 days ago, 6 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.10.1 release

Red Hat OpenShift distributed tracing platform Tempo 3.10.1 has been released. This release of the Red Hat OpenShift distributed tracing platform Tempo provides security improvements and bug fixes. Breaking changes: None. Deprecations: None. Technology Preview features: None. Enhancements: None. Bug...

CVSS: 5.3 | AI score: 6 | EPSS: 0.0037
Exploits: 0 | References: 4

OSV
added last week, 5 views

BIT-GRAFANA-2026-10601 Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00258
Exploits: 0 | References: 2

Redos
added 2026/06/26 12:00 a.m., 4 views

ROS-20260626-73-0006

The vulnerability related to tempo involves an uncontrolled consumption of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00645
Exploits: 0

OSV
added 2026/06/25 10:34 p.m., 4 views

GO-2026-5528 Grafana Tempo has an Uncontrolled Resource Consumption issue in github.com/grafana/tempo

Grafana Tempo has an Uncontrolled Resource Consumption issue in github.com/grafana/tempo. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00645
Exploits: 0 | References: 7

Chainguard
added 2026/06/23 8:16 a.m., 7 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: cluster-api-provider-vsphere-fips, gitlab-runner, crossplane-provider-azure-purview, datadog-agent, flux-image-automation-controller, velero, crossplane-function-auto-ready-fips, dgraph, boring-registry-fips, k8s-agents-operator-fips, backup-restore-operator,...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00237
Exploits: 0

RedhatCVE
added 2026/06/22 7:32 p.m., 8 views

CVE-2026-10601

A flaw was found in the Tempo and Loki datasource plugins. A remote attacker with a Viewer role could exploit a path traversal vulnerability by manipulating user-supplied input in URL paths. This could allow the attacker to capture sensitive administrator-configured datasource credentials, invoke...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00258
Exploits: 0 | References: 4

NVD
added 2026/06/22 2:16 p.m., 11 views

CVE-2026-10601

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

CVSS: 5.4 | EPSS: 0.00258
Exploits: 0 | References: 1

Cvelist
added 2026/06/22 1:18 p.m., 31 views

CVE-2026-10601 Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

CVSS: 5.4 | EPSS: 0.00258
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/22 1:18 p.m., 86 views

CVE-2026-10601

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00258
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/06/22 1:18 p.m., 157 views

CVE-2026-10601

CVE-2026-10601 affects Grafana Tempo and Loki datasource plugins. The root cause is unsanitized user input interpolated into backend HTTP URL paths, enabling path traversal. A Viewer-role user can (1) retrieve admin-configured datasource credentials via an attacker-controlled endpoint, (2) trigge...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00258
Exploits: 0 | References: 1 | Affected Software: 1

AlpineLinux
added 2026/06/22 1:18 p.m., 4 views

CVE-2026-10601

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00258
Exploits: 0

Positive Technologies
added 2026/06/22 12:00 a.m., 15 views

PT-2026-51299

Name of the Vulnerable Software and Affected Versions: Tempo datasource plugin (affected versions not specified); Loki datasource plugin (affected versions not specified). Description: These plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization,...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00258
Exploits: 0 | References: 6

Tenable Nessus
added 2026/06/22 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-10601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00258
Exploits: 0 | References: 2

NVD
added 2026/06/19 7:16 p.m., 10 views

CVE-2026-27878

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

CVSS: 6.5 | EPSS: 0.00235
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/19 7:02 p.m., 5 views

CVE-2026-27878 Tempo TraceQL query with exemplar hint could result in unbounded memory usage

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00235
Exploits: 0 | References: 1

Cvelist
added 2026/06/19 7:02 p.m., 21 views

CVE-2026-27878 Tempo TraceQL query with exemplar hint could result in unbounded memory usage

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

CVSS: 6.5 | EPSS: 0.00235
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/19 7:02 p.m., 4 views

CVE-2026-27878

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00235
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2026/06/19 7:02 p.m., 22 views

CVE-2026-27878

Grafana Tempo is affected by CVE-2026-27878 due to a TraceQL query that uses a large exemplars hint value, which can cause the Tempo instance to allocate excessive memory and crash (out-of-memory) for an authenticated user, enabling a denial of service. The public documents describe the issue and...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00235
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/06/19 12:00 a.m., 16 views

PT-2026-51011

Name of the Vulnerable Software and Affected Versions: Grafana Tempo (affected versions not specified). Description: A TraceQL query containing a large exemplars hint value can lead to excessive memory allocation within the Tempo instance. This condition may result in an out-of-memory crash, allowing ...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00235
Exploits: 0 | References: 11

RedHat Linux
added 2026/06/18 4:31 p.m., 11 views

Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.10.0 release

Red Hat OpenShift distributed tracing platform Tempo 3.10.0 has been released. This release of the Red Hat OpenShift distributed tracing platform Tempo provides new features, security improvements, and bug fixes. Breaking changes: None. Deprecations: None. Technology Preview features: None...

CVSS: 7.5 | AI score: 7 | EPSS: 0.01051
Exploits: 0 | References: 5