284 matches found
CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GHSA-8F82-53H8-2P34 vulnerabilities
Vulnerabilities for packages: vault, splunk-otel-collector, splunk-otel-collector-fips...
CVE-2024-32028
OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore the url.full writes attribute/tag on spans Activity when tracing is enabled for outgoing http requests and...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of credentials being passed as parameter values when registering a new user via the OpenTelemetry endpoint. These values may be passed in a cache-to/cache-from configuration a...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of credentials being passed as parameter values when registering a new user via the OpenTelemetry endpoint. These values may be passed in a cache-to/cache-from configuration a...
AZL-58854 CVE-2025-0495 affecting package moby-buildx for versions less than 0.7.1-25
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.
...
Fluent Bit 安全漏洞
Fluent Bit is an open source log processing and analyzing system written in C by Fluent Open Source. A security vulnerability exists in Fluent Bit version 3.1.9, which stems from the presence of a null pointer reference in the OpenTelemetry plugin, which can lead to a remote denial of service...
Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 jscPED-11649: Security issues fixed: CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling bsc1232970 Highlights of other changes: Performance: Significant...
The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry-Go Contrib, relates to the distribution of resources without any restrictions or regulations. This allows a malicious actor to cause service failures.
The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry, relates to the distribution of resources without any restrictions or regulation when adding the net.peer.sock.addr and net.peer.sock.port tags, which have unrestricted...
GO-2024-3066 open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension...
open-telemetry has an Observable Timing Discrepancy
Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. Details...
Malicious code in Be.Vlaanderen.Basisregіsters.OpenTеlemetrу.Elаstic.Apm (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Be.Vlaanderеո.Basisregistеrs.OpеnTelemetry (NuGet)
--- -= Per source details. Do not edit below this line.=-...
PT-2024-24366 · Opentelemetry · Opentelemetry.Instrumentation.Aspnetcore +1
Name of the Vulnerable Software and Affected Versions: OpenTelemetry.Instrumentation.Http versions prior to 1.8.1 OpenTelemetry.Instrumentation.AspNetCore versions prior to 1.8.1 Description: The issue concerns the OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore...
Important: cri-tools
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics
A memory exhaustion flaw was found in the otelgrpc handler of open-telemetry. This flaw may allow a remote unauthenticated attacker to flood the peer address and port and exhaust the server's memory by sending multiple malicious requests, affecting the availability of the system...