The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces.

Project Subscriptions

Vendors Products
Openshift Distributed Tracing Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

There is no mitigation or workaround other than upgrading to tempo-operator.v0.21.0-2 (or later); until upgraded, administrators requiring strict namespace isolation of trace data should not rely on query RBAC alone and should consider restricting access to the Tempo query API at the network/route level as a temporary compensating control.

History

Mon, 13 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Jul 2026 12:00:00 +0000

Type Values Removed Values Added
Description The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces.
Title Tempo-operator: tempo operator: query rbac bypass
First Time appeared Redhat
Redhat openshift Distributed Tracing
Weaknesses CWE-863
CPEs cpe:/a:redhat:openshift_distributed_tracing:3
Vendors & Products Redhat
Redhat openshift Distributed Tracing
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-07-13T13:43:50.023Z

Reserved: 2026-07-13T11:29:50.979Z

Link: CVE-2026-62147

cve-icon Vulnrichment

Updated: 2026-07-13T13:43:46.378Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-13T14:15:15Z

Weaknesses