Lucene search
K

6 matches found

OSV
OSV
added 2026/03/27 12:31 a.m.7 views

GHSA-FFQX-Q65F-36JF Grafana Tempo has Inadequate Encryption Strength

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Grafana thanks williamgoodfellow for reporting this vulnerability...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/27 12:31 a.m.4 views

EUVD-2026-16424

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/27 12:31 a.m.9 views

Grafana Tempo has Inadequate Encryption Strength

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Grafana thanks williamgoodfellow for reporting this vulnerability...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/26 10:16 p.m.6 views

CVE-2026-28377

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 9:39 p.m.4 views

CVE-2026-28377

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/26 9:39 p.m.25 views

CVE-2026-28377 S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint (CVE-2025-41118 Pattern)

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS0.00155EPSS
Exploits0References1
Rows per page
Query Builder