CVE-2025-2786

Source
https://cve.org/CVERecord?id=CVE-2025-2786
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2786.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-2786
Aliases
Published
2025-04-02T11:07:43.285Z
Modified
2026-07-08T07:25:04.309657769Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator
Details

A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users' permissions. While this does not allow privilege escalation or impersonation, it exposes information that could aid in gathering information for further attacks.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2786.json",
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/grafana/tempo-operator

Affected ranges

Type
GIT
Repo
https://github.com/grafana/tempo-operator
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.15.3"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.10.0
v0.11.0
v0.11.1
v0.12.0
v0.13.0
v0.14.0
v0.14.1
v0.14.2
v0.15.0
v0.15.1
v0.15.2
v0.2.0
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2786.json"