VYPR

rpm package

opensuse/tempo-cli&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/tempo-cli&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2026-28377HigMar 26, 2026
    affected < 2.10.3-1.1fixed 2.10.3-1.1

    A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to william_goodfellow for reporting this vulnerability

  • CVE-2026-25679HigMar 6, 2026
    affected < 2.10.4-1.1fixed 2.10.4-1.1

    url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.