CVE-2025-2842
- EPSS 0.04%
- Veröffentlicht 02.04.2025 12:15:14
- Zuletzt bearbeitet 09.04.2025 21:16:25
A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cl...
CVE-2025-2786
- EPSS 0.04%
- Veröffentlicht 02.04.2025 11:15:39
- Zuletzt bearbeitet 09.04.2025 21:16:25
A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the Servic...
CVE-2024-5037
- EPSS 0.19%
- Veröffentlicht 05.06.2024 18:15:11
- Zuletzt bearbeitet 21.11.2024 09:46:49
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
CVE-2023-44487
- EPSS 94.44%
- Veröffentlicht 10.10.2023 14:15:10
- Zuletzt bearbeitet 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.