CVE-2025-2786

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-2786
A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users' permissions. While this does not allow privilege escalation or impersonation, it exposes information that could aid in gathering information for further attacks.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2025:3607
https://access.redhat.com/errata/RHSA-2025:3740
https://access.redhat.com/security/cve/CVE-2025-2786
https://bugzilla.redhat.com/show_bug.cgi?id=2354811
Configurations

No configuration.

History

09 Apr 2025, 21:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:3740 -

04 Apr 2025, 14:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:3607 -
Summary
  • (es) Se detectó una falla en Tempo Operator, que crea una cuenta de servicio, un rol de clúster y un enlace de rol de clúster cuando un usuario implementa una instancia de TempoStack o TempoMonolithic. Esta falla permite a un usuario con acceso completo a su espacio de nombres extraer el token de la cuenta de servicio y usarlo para enviar solicitudes TokenReview y SubjectAccessReview, lo que podría revelar información sobre los permisos de otros usuarios. Si bien esto no permite la escalada de privilegios ni la suplantación de identidad, expone información que podría facilitar la recopilación de información para futuros ataques.

02 Apr 2025, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-02 11:15

Updated : 2025-04-09 21:16

NVD link : CVE-2025-2786

Mitre link : CVE-2025-2786

CVE.ORG link : CVE-2025-2786

JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor