A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users' permissions. While this does not allow privilege escalation or impersonation, it exposes information that could aid reconnaissance for further attacks.
History

Wed, 09 Apr 2025 20:45:00 +0000

Type | Values Removed | Values Added
References | |

Fri, 04 Apr 2025 14:00:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
References | |

Thu, 03 Apr 2025 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc (version 2.0.3): Automatable: no; Exploitation: none; Technical Impact: partial

Wed, 02 Apr 2025 14:00:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity: None | threat_severity: Moderate

Wed, 02 Apr 2025 11:15:00 +0000

Type | Values Removed | Values Added
Description | | (the flaw description shown at the top of this page)
Title | | Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator
First Time appeared | | Redhat; Redhat openshift Distributed Tracing
Weaknesses | | CWE-200
CPEs | | cpe:/a:redhat:openshift_distributed_tracing:3
Vendors & Products | | Redhat; Redhat openshift Distributed Tracing
References | |
Metrics | | cvssV3_1: score 4.3, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

MITRE

Status: PUBLISHED
Assigner: redhat
Published: 2025-04-02T11:07:43.285Z
Updated: 2025-10-10T00:40:22.053Z
Reserved: 2025-03-25T10:51:16.783Z
Link: CVE-2025-2786

Vulnrichment

Updated: 2025-04-02T13:53:32.587Z

NVD

Status: Awaiting Analysis
Published: 2025-04-02T11:15:39.300
Modified: 2025-04-09T21:16:25.720
Link: CVE-2025-2786

Redhat

Severity: Moderate
Public Date: 2025-03-25T00:00:00Z
Links: CVE-2025-2786 - Bugzilla