CVE-2025-2786
Severity: MEDIUM
Red Hat OpenShift distributed tracing 3.5.1 - Exposure of Sensitive Information via Tempo Operator ServiceAccount
Title source: llmDescription
A flaw was found in Tempo Operator: when a user deploys a TempoStack or TempoMonolithic instance, the operator creates a ServiceAccount, a ClusterRole, and a ClusterRoleBinding for it. A user with full access to their own namespace can extract that ServiceAccount's token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users' permissions. This does not allow privilege escalation or impersonation, but it exposes information that could aid reconnaissance for further attacks.
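A practical defender's check for this class of issue is to inventory which ServiceAccounts are bound to ClusterRoles that allow creating TokenReview or SubjectAccessReview objects, so that the namespaces hosting such accounts can be scoped and their access to the token tightened. The script below is an added example, not code from the Tempo Operator or Red Hat; the ClusterRole and ClusterRoleBinding objects it contains are constructed, hypothetical manifests (names such as example-tempo-gateway are assumptions) in the shape that `kubectl get clusterroles,clusterrolebindings -o json` returns, so the audit runs offline.

```python
"""Audit Kubernetes RBAC for ServiceAccounts that can create TokenReview or
SubjectAccessReview objects (the capability described in CVE-2025-2786).

Added example, not the operator's own code. The sample objects below are
constructed and hypothetical; replace them with a real `kubectl ... -o json` dump.
"""
import json

# (apiGroup, resource) pairs whose "create" verb lets a caller ask the API server
# about other principals' identities and permissions.
REVIEW_RESOURCES = {
    ("authentication.k8s.io", "tokenreviews"),
    ("authorization.k8s.io", "subjectaccessreviews"),
}


def _matches(allowed, wanted):
    """RBAC list fields match a value exactly or through the "*" wildcard."""
    return "*" in allowed or wanted in allowed


def review_resources_granted(rules):
    """Return the REVIEW_RESOURCES pairs that a ClusterRole's rules allow to be created."""
    granted = set()
    for rule in rules or []:
        if not _matches(rule.get("verbs", []), "create"):
            continue
        for group, resource in REVIEW_RESOURCES:
            if _matches(rule.get("apiGroups", []), group) and _matches(
                rule.get("resources", []), resource
            ):
                granted.add((group, resource))
    return granted


def find_review_capable_service_accounts(cluster_roles, bindings):
    """Map "namespace/serviceaccount" to the roles and review resources it can reach.

    Only ServiceAccount subjects of ClusterRoleBindings are considered, which is the
    shape the advisory describes (a ClusterRole bound cluster-wide to a namespaced SA).
    """
    role_grants = {
        cr["metadata"]["name"]: review_resources_granted(cr.get("rules"))
        for cr in cluster_roles
    }
    findings = {}
    for crb in bindings:
        ref = crb.get("roleRef", {})
        if ref.get("kind") != "ClusterRole":
            continue
        granted = role_grants.get(ref.get("name"), set())
        if not granted:
            continue
        for subject in crb.get("subjects", []):
            if subject.get("kind") != "ServiceAccount":
                continue
            key = f"{subject.get('namespace')}/{subject.get('name')}"
            entry = findings.setdefault(key, {"roles": set(), "resources": set()})
            entry["roles"].add(ref["name"])
            entry["resources"].update(resource for _, resource in granted)
    return {
        key: {"roles": sorted(v["roles"]), "resources": sorted(v["resources"])}
        for key, v in findings.items()
    }


def load_kubectl_list(text):
    """Parse a `kubectl get ... -o json` List document into its items."""
    return json.loads(text).get("items", [])


# Constructed sample data (hypothetical names, modelled on the pattern in the advisory).
SAMPLE_CLUSTER_ROLES = [
    {
        "metadata": {"name": "example-tempo-gateway"},
        "rules": [
            {"apiGroups": ["authentication.k8s.io"], "resources": ["tokenreviews"], "verbs": ["create"]},
            {"apiGroups": ["authorization.k8s.io"], "resources": ["subjectaccessreviews"], "verbs": ["create"]},
        ],
    },
    {
        "metadata": {"name": "example-pod-reader"},
        "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}],
    },
]
SAMPLE_BINDINGS = [
    {
        "metadata": {"name": "example-tempo-gateway"},
        "roleRef": {"kind": "ClusterRole", "name": "example-tempo-gateway"},
        "subjects": [{"kind": "ServiceAccount", "name": "example-tempo-gateway", "namespace": "tracing"}],
    },
    {
        "metadata": {"name": "example-pod-reader"},
        "roleRef": {"kind": "ClusterRole", "name": "example-pod-reader"},
        "subjects": [{"kind": "ServiceAccount", "name": "reader", "namespace": "dev"}],
    },
]

if __name__ == "__main__":
    for sa, info in find_review_capable_service_accounts(SAMPLE_CLUSTER_ROLES, SAMPLE_BINDINGS).items():
        print(f"{sa}: roles={info['roles']} can create {info['resources']}")
```

Each flagged ServiceAccount marks a namespace where anyone able to read that account's Secrets or request a token for it gains the TokenReview/SubjectAccessReview capability; those are the namespaces whose secret and serviceaccounts/token access deserve the tightest RBAC and the most attention in audit-log review. Wildcard rules (`*`) are treated as matching so that broad roles are not missed.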
References (5)
Issue Tracking (x_refsource_redhat): https://bugzilla.redhat.com/show_bug.cgi?id=2354811
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:3607
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:3740
Vendor Advisory, VDB entry (x_refsource_redhat): https://access.redhat.com/security/cve/CVE-2025-2786
Scores
CVSS v3: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: NETWORK
EPSS: 0.0027
EPSS Percentile: 50.3%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-200
Status: published
Products (4)
grafana/tempo-operator (Go): versions 0 - 0.16.0
Red Hat/Red Hat OpenShift distributed tracing 3
Red Hat/Red Hat OpenShift distributed tracing 3.5.1, image sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0
Red Hat/Red Hat OpenShift distributed tracing 3.5.1, image sha256:be2ec2e3d3b21748cfe3b9382f7fc1f6c72d5f380fc97773518c254c6e5794ca
Published: Apr 02, 2025
Tracked Since: Feb 18, 2026