5 matches found

Packet Storm News
added 2026/05/03 12:0 a.m. | 1 views

Observability for Post-Quantum TLS Readiness: A Multi-Surface Evidence Framework

Post-quantum migration in Transport Layer Security (TLS) requires evidence-aware measurements that distinguish session negotiation, endpoint capability, certificate-chain evidence, and the provenance of missing observations. This distinction is essential under TLS 1.3 encryption, resumption, mutual...

5.8 AI score
Exploits 0
CVE
added 2024/08/13 7:31 p.m. | 277 views

CVE-2024-42368

The CVE-2024-42368 issue affects the bearertokenauth server authenticator in OpenTelemetry Collector contributions. A timing-discrepancy arises from non-constant time string comparisons of bearer tokens, enabling a network-adjacent attacker to infer the configured token by measuring response time...

6.5 CVSS | 6.5 AI score | 0.00041 EPSS
Exploits 0 | References 3
Vulnrichment
added 2024/08/13 7:31 p.m. | 10 views

CVE-2024-42368 open-telemetry has an Observable Timing Discrepancy

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string...

6.5 CVSS | 6.9 AI score | 0.00041 EPSS
Exploits 0 | References 3
NVD
added 2023/10/06 2:15 p.m. | 10 views

CVE-2023-43810

OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label http_method that has unbound cardinality. It...

7.5 CVSS | 7.5 AI score | 0.00316 EPSS
Exploits 0 | References 3
CVE
added 2023/10/06 1:53 p.m. | 62 views

CVE-2023-43810

CVE-2023-43810 concerns OpenTelemetry instrumentation. Autoinstrumentation may expose an unbounded http_method label, enabling memory exhaustion under large numbers of crafted requests. Affected if the application is instrumented for HTTP handlers and does not filter non-standard methods at CDN/L...

7.5 CVSS | 7.4 AI score | 0.00316 EPSS
Exploits 0 | References 3 | Affected Software 1