rhsa-2025:3607
Vulnerability from csaf_redhat
Published
2025-04-04 13:38
Modified
2025-04-17 07:51
Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.5.1 release
Notes
Topic
Red Hat OpenShift distributed tracing platform (Tempo) 3.5.1 has been released
Details
Release of Red Hat OpenShift distributed tracing provides following security improvements, bug fixes, and new features.
The Red Hat OpenShift distributed tracing (Tempo) 3.5.1 is based on the open source link:https://grafana.com/oss/tempo/[Grafana Tempo] release 2.7.1.
Breaking changes:
* With this update, for a user to create or modify a TempoStack or TempoMonolithic CR with enabled multi-tenancy, the user must have permissions to create a TokenReview and SubjectAccessReview.
Deprecations:
* Nothing
Technology Preview features:
* Nothing
Enhancements:
* Nothing
Bug fixes:
* https://access.redhat.com/security/cve/CVE-2025-2786
* https://access.redhat.com/security/cve/CVE-2025-2842
Known issues:
* Currently, when the OpenShift tenancy mode is enabled, the ServiceAccount of the gateway component of a TempoStack or TempoMonolithic instance requires the TokenReview and SubjectAccessReview permissions for authorization. Workaround: deploy the instance in a dedicated namespace, and carefully audit which users have permission to read the Secrets in this namespace.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift distributed tracing platform (Tempo) 3.5.1 has been released", title: "Topic", }, { category: "general", text: "Release of Red Hat OpenShift distributed tracing provides following security improvements, bug fixes, and new features.\nThe Red Hat OpenShift distributed tracing (Tempo) 3.5.1 is based on the open source link:https://grafana.com/oss/tempo/[Grafana Tempo] release 2.7.1.\n\nBreaking changes:\n* With this update, for a user to create or modify a TempoStack or TempoMonolithic CR with enabled multi-tenancy, the user must have permissions to create a TokenReview and SubjectAccessReview.\n\nDeprecations:\n* Nothing\n\nTechnology Preview features:\n* Nothing\n\nEnhancements:\n* Nothing\n\nBug fixes:\n* https://access.redhat.com/security/cve/CVE-2025-2786\n* https://access.redhat.com/security/cve/CVE-2025-2842\n\nKnown issues:\n* Currently, when the OpenShift tenancy mode is enabled, the ServiceAccount of the gateway component of a TempoStack or TempoMonolithic instance requires the TokenReview and SubjectAccessReview permissions for authorization. Workaround: deploy the instance in a dedicated namespace, and carefully audit which users have permission to read the Secrets in this namespace.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2025:3607", url: "https://access.redhat.com/errata/RHSA-2025:3607", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2025-2786", url: "https://access.redhat.com/security/cve/CVE-2025-2786", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2025-2842", url: "https://access.redhat.com/security/cve/CVE-2025-2842", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2025-30204", url: "https://access.redhat.com/security/cve/CVE-2025-30204", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/", url: "https://access.redhat.com/security/updates/classification/", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo", url: "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3607.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.5.1 release", tracking: { current_release_date: "2025-04-17T07:51:45+00:00", generator: { date: "2025-04-17T07:51:45+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2025:3607", initial_release_date: "2025-04-04T13:38:55+00:00", revision_history: [ { date: "2025-04-04T13:38:55+00:00", number: "1", summary: "Initial version", }, { date: "2025-04-04T13:38:55+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-17T07:51:45+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift distributed tracing 3.5.1", product: { name: "Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift distributed tracing", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", product: { name: "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", product_id: "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", product_identification_helper: { purl: "pkg:oci/tempo-operator-bundle@sha256%3A295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808?arch=amd64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743172309", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", product: { name: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", product_id: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", product_identification_helper: { purl: "pkg:oci/tempo-gateway-rhel8@sha256%3A630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669?arch=amd64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162375", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", product: { name: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", product_id: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", product_identification_helper: { purl: "pkg:oci/tempo-jaeger-query-rhel8@sha256%3Aa3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c?arch=amd64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162349", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", product: { name: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", product_id: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", product_identification_helper: { purl: "pkg:oci/tempo-gateway-opa-rhel8@sha256%3A2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c?arch=amd64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162273", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", product: { name: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", product_id: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", product_identification_helper: { purl: "pkg:oci/tempo-rhel8-operator@sha256%3Aa494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a?arch=amd64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162265", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", product: { name: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", product_id: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", product_identification_helper: { purl: "pkg:oci/tempo-query-rhel8@sha256%3Aebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266?arch=amd64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162275", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", product: { name: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", product_id: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", product_identification_helper: { purl: "pkg:oci/tempo-rhel8@sha256%3A486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e?arch=amd64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162275", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", product: { name: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", product_id: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", product_identification_helper: { purl: "pkg:oci/tempo-gateway-rhel8@sha256%3A133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415?arch=arm64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162375", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", product: { name: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", product_id: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", product_identification_helper: { purl: "pkg:oci/tempo-jaeger-query-rhel8@sha256%3Aef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2?arch=arm64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162349", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", product: { name: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", product_id: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", product_identification_helper: { purl: "pkg:oci/tempo-gateway-opa-rhel8@sha256%3Aadba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927?arch=arm64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162273", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", product: { name: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", product_id: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", product_identification_helper: { purl: "pkg:oci/tempo-rhel8-operator@sha256%3A29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf?arch=arm64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162265", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", product: { name: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", product_id: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", product_identification_helper: { purl: "pkg:oci/tempo-query-rhel8@sha256%3A0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597?arch=arm64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162275", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", product: { name: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", product_id: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", product_identification_helper: { purl: "pkg:oci/tempo-rhel8@sha256%3A97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59?arch=arm64&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162275", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", product: { name: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", product_id: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", product_identification_helper: { purl: "pkg:oci/tempo-gateway-rhel8@sha256%3Ab6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228?arch=ppc64le&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162375", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", product: { name: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", product_id: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", product_identification_helper: { purl: "pkg:oci/tempo-jaeger-query-rhel8@sha256%3A692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d?arch=ppc64le&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162349", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", product: { name: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", product_id: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", product_identification_helper: { purl: "pkg:oci/tempo-gateway-opa-rhel8@sha256%3Ad44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c?arch=ppc64le&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162273", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", product: { name: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", product_id: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", product_identification_helper: { purl: "pkg:oci/tempo-rhel8-operator@sha256%3Acbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e?arch=ppc64le&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162265", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", product: { name: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", product_id: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", product_identification_helper: { purl: "pkg:oci/tempo-query-rhel8@sha256%3A2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9?arch=ppc64le&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162275", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", product: { name: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", product_id: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", product_identification_helper: { purl: "pkg:oci/tempo-rhel8@sha256%3Ac409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494?arch=ppc64le&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162275", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", product: { name: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", product_id: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", product_identification_helper: { purl: "pkg:oci/tempo-gateway-rhel8@sha256%3Af98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84?arch=s390x&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162375", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", product: { name: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", product_id: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", product_identification_helper: { purl: "pkg:oci/tempo-jaeger-query-rhel8@sha256%3A7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02?arch=s390x&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162349", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", product: { name: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", product_id: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", product_identification_helper: { purl: "pkg:oci/tempo-gateway-opa-rhel8@sha256%3Ab4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99?arch=s390x&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162273", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", product: { name: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", product_id: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", product_identification_helper: { purl: "pkg:oci/tempo-rhel8-operator@sha256%3A233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0?arch=s390x&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162265", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", product: { name: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", product_id: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", product_identification_helper: { purl: "pkg:oci/tempo-query-rhel8@sha256%3A4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222?arch=s390x&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162275", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", product: { name: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", product_id: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", product_identification_helper: { purl: "pkg:oci/tempo-rhel8@sha256%3Afceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899?arch=s390x&repository_url=registry.redhat.io/rhosdt&tag=rhosdt-3.5-1743162275", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", }, product_reference: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", }, product_reference: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", }, product_reference: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", }, product_reference: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", }, product_reference: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", }, product_reference: "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", }, product_reference: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", }, product_reference: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", }, product_reference: "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", }, product_reference: "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", }, product_reference: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", }, product_reference: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", }, product_reference: "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", }, product_reference: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", }, product_reference: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", }, product_reference: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", }, product_reference: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", }, product_reference: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x as a component of Red Hat OpenShift distributed tracing 3.5.1", product_id: "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", }, product_reference: "registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.5.1", }, ], }, vulnerabilities: [ { cve: "CVE-2025-2786", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2025-03-25T11:13:18.903000+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2354811", }, ], notes: [ { category: "description", text: "A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users' permissions. While this does not allow privilege escalation or impersonation, it exposes information that could aid in gathering information for further attacks.", title: "Vulnerability description", }, { category: "summary", text: "tempo-operator: ServiceAccount Token Exposure Leading to Token and Subject Access Reviews in OpenShift Tempo Operator", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has evaluated this vulnerability and rated with a Moderate impact as the attacker is limited to read access and requires previous permissions to read the token and get access to the cluster metrics.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2025-2786", }, { category: "external", summary: "RHBZ#2354811", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2354811", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2025-2786", url: "https://www.cve.org/CVERecord?id=CVE-2025-2786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2025-2786", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-2786", }, ], release_date: "2025-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-04T13:38:55+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3607", }, { category: "workaround", details: "Currently, no mitigation is available for this vulnerability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tempo-operator: ServiceAccount Token Exposure Leading to Token and Subject Access Reviews in OpenShift Tempo Operator", }, { cve: "CVE-2025-2842", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2025-03-27T02:33:13.059000+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2355219", }, ], notes: [ { category: "description", text: "A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole.\nThis can be exploited if a user has 'create' permissions on TempoStack and 'get' permissions on Secret in a namespace (for example, a user has ClusterAdmin permissions for a specific namespace), as the user can read the token of the Tempo service account and therefore has access to see all cluster metrics.", title: "Vulnerability description", }, { category: "summary", text: "tempo-operator: Tempo Operator Token Exposition lead to read sensitive data", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has evaluated this vulnerability and rated with a Moderate impact as the attacker is limited to read access and requires previous permissions to read the token and get access to the cluster metrics.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2025-2842", }, { category: "external", summary: "RHBZ#2355219", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2355219", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2025-2842", url: "https://www.cve.org/CVERecord?id=CVE-2025-2842", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2025-2842", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-2842", }, ], release_date: "2025-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-04T13:38:55+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3607", }, { category: "workaround", details: "Currently, no mitigation is available for this vulnerability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tempo-operator: Tempo Operator Token Exposition lead to read sensitive data", }, { cve: "CVE-2025-30204", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2025-03-21T22:00:43.818367+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2354195", }, ], notes: [ { category: "description", text: "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2025-30204", }, { category: "external", summary: "RHBZ#2354195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2025-30204", url: "https://www.cve.org/CVERecord?id=CVE-2025-30204", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", }, { category: "external", summary: "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", url: "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", }, { category: "external", summary: "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", url: "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", }, ], release_date: "2025-03-21T21:42:01.382000+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-04T13:38:55+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3607", }, { category: "workaround", details: "Red Hat Product Security does not have a recommended mitigation at this time.", product_ids: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:2c10ff99cecd5a80f8cd59dfb74bf768bd3e8fc87616be30f2439ab1c1f32c3c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:adba030ecb2f998e52a136ce0e1c2d36909888b89fe7d1e7c95b5da5d6f8e927_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b4c535900eeae9ff1ce2d08f3fe8b819eed633431a2906859335889549883b99_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:d44758883d9bd4ce3246a92b71e81b72abf9051851d34aa4d98594951fd3082c_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:133f4f1087b0e199f211007ceb2aeae9b9202c5961e812ea4aa037d375a93415_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:630e24b5a39e415fbe48843ca18908634d55af2051a3f76dd538b6978f1e3669_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b6c27629f411b90f3a7e5b27732f250c7dfa57d75ee1636de644a4d40a65d228_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f98634834feb77a03d96abf8264ce3a433f44c5645b2623793fb5d0193d8cf84_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:692a0a623566b428ec580408ddca17c9f5cbfb5bfb4de7fe694889cc1bb58e9d_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:7ca83d25a1436f91241449b12e1fb67ebc7384329b2c7988d3271d3d35302c02_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:a3439dd373ac34a13a99510275007e9229e07cddc6fc6db09aa7f952adbfaa4c_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:ef4cfa8974700cb4fcff1ac31ee648fd733c9205bf3432f3b4e291838a6413d2_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:295309554800a4a1d5d0646c8ec776e2f712cd13cebb085078df5ba85d604808_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0e7b8b0a049d4e5468138d4578cdd051b13257f6cdf59c64319c4769bcce7597_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:2483855a80e228e5cd2e02b10b7941417426838b1111c21c4e08e5166027aea9_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4a99b059bc5edc891b048822c9da5a654b163756e647ecd6da38b81fb5563222_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:ebb8923f54cf129d88142a20a3936677dcb631b5e411b4e0782d6020e6682266_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:233132300a9f5f019047a414b240f5b32c7563af8107bb52c4395892fdcd0fe0_s390x", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:29c1be152c9b2ca9fa8af25a10f156f8731b8396e8b2bc82d6b398a5e5027fdf_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:a494025181bea65d1d839460a4a3985a46dc5f62cf7939b69293b95de5b1563a_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:cbe0df797c34aebfec911c281fbfee9fe7713a4c45d778ae480cd6a7bcab202e_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:486d4627fa99b6b1002bb257f02c7c212ed5e65bf22e163ed96d542297bc753e_amd64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:97972d686b7df8acb5c859255f49d965a466dc9d445aa90f8aca3ac59d4d9e59_arm64", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c409c4b02e50e5f10e5da74f0692a194fb23db824aa49552c1e9ce76dbd74494_ppc64le", "Red Hat OpenShift distributed tracing 3.5.1:registry.redhat.io/rhosdt/tempo-rhel8@sha256:fceb29a4b587e61efdc89e5fc662b09767cc8750e86f17eaf3070b279b708899_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.