CVE-2026-28377
The CVE-2026-28377 issue affects Grafana Tempo (tempo package) where the /status/config endpoint exposes the S3 SSE-C encryption key in plaintext, enabling unauthorized access to the key used for tracing data stored in S3. Affected component/file: the Tempo S3 backend (tempodb/backend/s3) as desc...