Grafana

Tempo

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.24%
  • Veröffentlicht 19.06.2026 19:02:27
  • Zuletzt bearbeitet 29.06.2026 19:59:27

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service agai...

  • EPSS 0.65%
  • Veröffentlicht 24.04.2026 08:00:47
  • Zuletzt bearbeitet 30.06.2026 03:17:24

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18)...

  • EPSS 0.16%
  • Veröffentlicht 26.03.2026 21:39:46
  • Zuletzt bearbeitet 31.03.2026 19:00:15

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to william_goodfellow fo...