CVE-2026-62147
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Description
The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-863
Source
NVD
Vendor
Red Hat
Product
Red Hat OpenShift distributed tracing 3
Discussion (0)
Add Comment
No comments yet. Be the first!