Home
MEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NDefault status
affected
Default status
affected
Description
The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces.
Problem types
Product status
Timeline
| 2026-07-13: | Reported to Red Hat. |
| 2026-07-13: | Made public. |
References
access.redhat.com/security/cve/CVE-2026-62147
bugzilla.redhat.com/show_bug.cgi?id=2499635 (RHBZ#2499635)