CVE-2025-2786
Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator
A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users' permissions. While this does not allow privilege escalation or impersonation, it exposes information that could aid in gathering information for further attacks.
Reserved 2025-03-25 | Published 2025-04-02 | Updated 2025-05-22 | Assigner redhatExposure of Sensitive Information to an Unauthorized Actor
| 2025-03-25: | Reported to Red Hat. |
| 2025-03-25: | Made public. |
access.redhat.com/errata/RHSA-2025:3607 (RHSA-2025:3607)
access.redhat.com/errata/RHSA-2025:3740 (RHSA-2025:3740)
access.redhat.com/security/cve/CVE-2025-2786
bugzilla.redhat.com/show_bug.cgi?id=2354811 (RHBZ#2354811)
Support options
