Back to CVE List

CVE-2026-62147

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnerability Description

The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-863
Source
NVD
Vendor
Red Hat
Product
Red Hat OpenShift distributed tracing 3

External References

Discussion (0)

Add Comment

No comments yet. Be the first!