rpm package
opensuse/tempo-cli&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/tempo-cli&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-28377 | Hig | 7.5 | < 2.10.3-1.1 | 2.10.3-1.1 | Mar 26, 2026 | A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to william_goodfellow for reporting this vulnerability | |
| CVE-2026-25679 | Hig | 7.5 | < 2.10.4-1.1 | 2.10.4-1.1 | Mar 6, 2026 | url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. |
- affected < 2.10.3-1.1fixed 2.10.3-1.1
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to william_goodfellow for reporting this vulnerability
- affected < 2.10.4-1.1fixed 2.10.4-1.1
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.