Skip to main content

Red Hat Openshift Distributed Tracing 3

1 CVEs product

Monthly

CVE-2026-62147 MEDIUM This Month

Tenant data leakage in the Tempo Operator gateway component (Red Hat OpenShift Distributed Tracing 3) allows an authenticated low-privileged user to read span attributes from namespaces belonging to other tenants. The flaw exists because namespace-scoped redaction is inconsistently applied across certain query API response paths when query RBAC is enabled, meaning the authorization control exists but is not uniformly enforced. No public exploit code has been identified and this CVE is not listed in CISA KEV, but the high confidentiality impact and low attack complexity make it a meaningful risk in shared multi-tenant tracing deployments.

Authentication Bypass Red Hat Openshift Distributed Tracing 3
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM This Month

Tenant data leakage in the Tempo Operator gateway component (Red Hat OpenShift Distributed Tracing 3) allows an authenticated low-privileged user to read span attributes from namespaces belonging to other tenants. The flaw exists because namespace-scoped redaction is inconsistently applied across certain query API response paths when query RBAC is enabled, meaning the authorization control exists but is not uniformly enforced. No public exploit code has been identified and this CVE is not listed in CISA KEV, but the high confidentiality impact and low attack complexity make it a meaningful risk in shared multi-tenant tracing deployments.

Authentication Bypass Red Hat Openshift Distributed Tracing 3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy