CVE-2026-10601 Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

CVE-2026-10601

CVE-2026-10601 affects Grafana Tempo and Loki datasource plugins. The root cause is unsanitized user input interpolated into backend HTTP URL paths, enabling path traversal. A Viewer-role user can (1) retrieve admin-configured datasource credentials via an attacker-controlled endpoint, (2) trigge...

CVE-2019-5095

An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin...

Atlassian Jira 7.x < 7.0.3 Software Tempo Plugin Xml Denial Of Service

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 6.0.5. It is, therefore, affected by a issue in the TM Software Tempo Plugin which does not properly restrict the capabilities of 3rd party XML parsers, which allows remote...

Atlassian Jira 6.5.x < 6.5.0.2 Software Tempo Plugin Xml Denial Of Service

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 6.0.5. It is, therefore, affected by a issue in the TM Software Tempo Plugin which does not properly restrict the capabilities of 3rd party XML parsers, which allows remote...

Atlassian Jira < 6.4.3.1 / 6.5.x < 6.5.0.2 / 7.x < 7.0.3 Software Tempo Plugin Xml Denial Of Service

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 6.0.5. It is, therefore, affected by a issue in the TM Software Tempo Plugin which does not properly restrict the capabilities of 3rd party XML parsers, which allows remote...

CVE-2019-5095

An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin...

CVE-2019-5095

An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin...

Information disclosure

An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin...

Atlassian Jira Tempo plugin issue summary information disclosure vulnerability

Summary An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin. Tested Versions Atlassian Jira 7.6.4 Atlassian Jira Tempo Core syste...

CVE-2012-2927

The CVE-2012-2927 vulnerability applies to Atlassian Jira with the TM Software Tempo Plugin. The Tempo Plugin versions affected are: 6.4.3.1 and earlier in the 6.5.x line prior to 6.5.0.2, and 7.x prior to 7.0.3. The issue is that the plugin does not properly restrict the capabilities of third‑pa...