A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole.
This can be exploited if a user has 'create' permissions on TempoStack and 'get' permissions on Secret in a namespace (for example, a user has ClusterAdmin permissions for a specific namespace), as the user can read the token of the Tempo service account and therefore has access to see all cluster metrics.
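The exposure described above is visible in RBAC state: a ClusterRoleBinding whose roleRef is cluster-monitoring-view and whose subject is a ServiceAccount living in an ordinary tenant namespace. The following audit is an added example, not code from the advisory or from the Tempo Operator project. It assumes the JSON shape returned by `kubectl get clusterrolebindings -o json` (an `items` list with `metadata`, `roleRef` and `subjects`); the sample document, the binding and service-account names in it, and the set of namespaces treated as trusted are all constructed for the example.

```python
"""Audit ClusterRoleBindings that grant cluster-monitoring-view to ServiceAccounts.

Added example (not from the advisory or the Tempo Operator project). Input is
the JSON document that `kubectl get clusterrolebindings -o json` returns; the
sample below is constructed and its binding / service-account names are made up.
"""
import json

TARGET_CLUSTER_ROLE = "cluster-monitoring-view"


def find_sa_bindings(crb_list: dict, cluster_role: str = TARGET_CLUSTER_ROLE) -> list[dict]:
    """Return every ClusterRoleBinding in `crb_list` whose roleRef is `cluster_role`
    and that has at least one ServiceAccount subject. Each finding records the
    binding name and the (namespace, name) pairs of the service accounts: that
    is what a reviewer needs to decide who can read those accounts' tokens."""
    findings = []
    for crb in crb_list.get("items", []):
        role_ref = crb.get("roleRef", {})
        if role_ref.get("kind") != "ClusterRole" or role_ref.get("name") != cluster_role:
            continue
        sas = [
            (s.get("namespace", ""), s["name"])
            for s in (crb.get("subjects") or [])  # subjects may be null
            if s.get("kind") == "ServiceAccount"
        ]
        if sas:
            findings.append({"binding": crb["metadata"]["name"], "service_accounts": sas})
    return findings


def namespaces_exposed(findings, trusted_namespaces=frozenset({"openshift-monitoring"})):
    """Namespaces where a cluster-wide metrics grant is held by a ServiceAccount.
    Anyone with 'get' on Secrets in such a namespace (or who can create a
    TempoStack there, per the advisory) inherits the grant. The trusted set is an
    assumption for the example; adjust it to the monitoring stack you run."""
    return sorted({ns for f in findings for ns, _ in f["service_accounts"]} - trusted_namespaces)


# Constructed sample: one binding created for a Tempo instance in a tenant
# namespace (names invented), one for the platform monitoring stack, one
# unrelated binding, and one that grants the role to a Group rather than an SA.
SAMPLE_CRBS = json.loads("""
{"items": [
  {"metadata": {"name": "tempo-example-cluster-monitoring-view"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-monitoring-view"},
   "subjects": [{"kind": "ServiceAccount", "name": "tempo-example", "namespace": "team-a"}]},
  {"metadata": {"name": "platform-monitoring-view"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-monitoring-view"},
   "subjects": [{"kind": "ServiceAccount", "name": "monitoring-reader", "namespace": "openshift-monitoring"}]},
  {"metadata": {"name": "tempo-example-view"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "tempo-example", "namespace": "team-a"}]},
  {"metadata": {"name": "admins-monitoring-view"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-monitoring-view"},
   "subjects": [{"kind": "Group", "name": "cluster-admins"}]}
]}
""")

if __name__ == "__main__":
    found = find_sa_bindings(SAMPLE_CRBS)
    for f in found:
        print(f["binding"], "->", f["service_accounts"])
    print("tenant namespaces holding cluster-wide metrics access:", namespaces_exposed(found))
```

Run it against a live cluster by piping the real `kubectl get clusterrolebindings -o json` output into `find_sa_bindings`; any namespace reported by `namespaces_exposed` is one where namespace-scoped Secret read access already implies cluster-wide metrics read access, which is the condition the advisory describes.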
Fixes

Solution

No solution given by the vendor.


Workaround

Currently, no mitigation is available for this vulnerability.

History

Wed, 09 Apr 2025 20:45:00 +0000

Type | Values Removed | Values Added
References | |

Fri, 04 Apr 2025 14:15:00 +0000

Type | Values Removed | Values Added
Metrics ssvc | | {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 04 Apr 2025 14:00:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
References | |

Wed, 02 Apr 2025 14:00:00 +0000

Type | Values Removed | Values Added
References | |
Metrics threat_severity | None | Moderate


Wed, 02 Apr 2025 11:30:00 +0000

Type | Values Removed | Values Added
Description | | A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be exploited if a user has 'create' permissions on TempoStack and 'get' permissions on Secret in a namespace (for example, a user has ClusterAdmin permissions for a specific namespace), as the user can read the token of the Tempo service account and therefore has access to see all cluster metrics.
Title | | Tempo-operator: tempo operator token exposition lead to read sensitive data
First Time appeared | | Redhat; Redhat openshift Distributed Tracing
Weaknesses | | CWE-200
CPEs | | cpe:/a:redhat:openshift_distributed_tracing:3
Vendors & Products | | Redhat; Redhat openshift Distributed Tracing
References | |
Metrics cvssV3_1 | | {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-31T09:13:00.635Z

Reserved: 2025-03-27T02:38:55.497Z

Link: CVE-2025-2842

Vulnrichment

Updated: 2025-04-02T13:25:35.052Z

NVD

Status : Awaiting Analysis

Published: 2025-04-02T12:15:14.677

Modified: 2025-04-09T21:16:25.913

Link: CVE-2025-2842

Redhat

Severity : Moderate

Public Date: 2025-03-27T00:00:00Z

Links: CVE-2025-2842 - Bugzilla

OpenCVE Enrichment

No data.