The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces.
History

Tue, 14 Jul 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 13 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Jul 2026 12:00:00 +0000

Type Values Removed Values Added
Description The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces.
Title Tempo-operator: tempo operator: query rbac bypass
First Time appeared Redhat
Redhat openshift Distributed Tracing
Weaknesses CWE-863
CPEs cpe:/a:redhat:openshift_distributed_tracing:3
Vendors & Products Redhat
Redhat openshift Distributed Tracing
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-07-13T11:43:59.024Z

Updated: 2026-07-13T13:43:50.023Z

Reserved: 2026-07-13T11:29:50.979Z

Link: CVE-2026-62147

cve-icon Vulnrichment

Updated: 2026-07-13T13:43:46.378Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-07-13T10:00:13Z

Links: CVE-2026-62147 - Bugzilla