Lucene search
K

27 matches found

CVE
CVE
added yesterday9 views

CVE-2026-62147

CVE-2026-62147 affects the Tempo Operator, specifically its gateway component. When query RBAC is enabled, the gateway fails to consistently apply namespace-scoped redaction on certain query API response paths, allowing an authenticated user to read span attributes belonging to other tenants’ nam...

6.5CVSS6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday9 views

CVE-2026-62147

The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces. Mitigation There is no mitigation or workarou...

6.5CVSS6.1AI score
Exploits0References3
OSV
OSV
added 2026/05/20 7:7 p.m.13 views

GO-2026-4996 Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in github.com/grafana/tempo-operator

Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in github.com/grafana/tempo-operator...

4.3CVSS5.8AI score0.00336EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.17 views

PT-2026-42380

Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in github.com/grafana/tempo-operator...

4.3CVSS5.8AI score0.00336EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-9524

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00336EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-9549

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00355EPSS
Exploits0References5
OSV
OSV
added 2025/04/02 3:31 p.m.4 views

GHSA-5XF3-GMX4-529V Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...

4.3CVSS5.7AI score0.00355EPSS
Exploits0References9
OSV
OSV
added 2025/04/02 3:31 p.m.7 views

GHSA-28GR-56HR-PRP6 Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview...

4.3CVSS5.8AI score0.00336EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/04/02 3:31 p.m.13 views

Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview...

4.3CVSS5.8AI score0.00336EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/02 3:31 p.m.18 views

Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...

4.3CVSS5.7AI score0.00355EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2025/04/02 12:15 p.m.14 views

CVE-2025-2842

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...

4.3CVSS0.00355EPSS
Exploits0References5
Snyk
Snyk
added 2025/04/02 11:44 a.m.2 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions when using the Jaeger UI Monitor tab on OpenShift. A user with create permissions on TempoStack and get permissions on a namespaced Secret can read the token of the Tempo service account and subsequently...

5.3CVSS6.8AI score0.00355EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/02 11:44 a.m.2 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions when using the Jaeger UI Monitor tab on OpenShift. A user with create permissions on TempoStack and get permissions on a namespaced Secret can read the token of the Tempo service account and subsequently...

5.3CVSS6.8AI score0.00355EPSS
Exploits0References2
NVD
NVD
added 2025/04/02 11:15 a.m.16 views

CVE-2025-2786

A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview...

4.3CVSS0.00336EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/02 11:9 a.m.4 views

CVE-2025-2842 Tempo-operator: tempo operator token exposition lead to read sensitive data

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...

4.3CVSS6.9AI score0.00355EPSS
Exploits0References5
CVE
CVE
added 2025/04/02 11:9 a.m.111 views

CVE-2025-2842

Summary: CVE-2025-2842 affects the Tempo Operator when the Jaeger UI Monitor Tab is enabled. The operator creates a ClusterRoleBinding for the Tempo instance’s service account to grant the cluster-monitoring-view role, enabling a user with modest permissions (e.g., create on TempoStack and get on...

4.3CVSS6.9AI score0.00355EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/02 11:9 a.m.29 views

CVE-2025-2842 Tempo-operator: tempo operator token exposition lead to read sensitive data

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...

4.3CVSS0.00355EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/02 11:7 a.m.6 views

CVE-2025-2786 Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator

A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview...

4.3CVSS7AI score0.00336EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/04/02 11:7 a.m.19 views

CVE-2025-2842

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...

4.3CVSS6.9AI score0.00355EPSS
Exploits0References3
CVE
CVE
added 2025/04/02 11:7 a.m.127 views

CVE-2025-2786

CVE-2025-2786 affects Grafana Tempo Operator. A flaw during TempoStack/TempoMonolithic deployment creates a ServiceAccount, ClusterRole, and ClusterRoleBinding, enabling a user with full access to their namespace to extract the ServiceAccount token and use TokenReview and SubjectAccessReview requ...

4.3CVSS7AI score0.00336EPSS
Exploits0References5
Rows per page
Query Builder