CVE-2025-2786 MEDIUM

CVE-2025-2786: Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator

Vendor Red Hat
Product Red Hat OpenShift distributed tracing 3
Weakness CWE-200 · Info exposure
Published April 2, 2025
Last update March 22, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

Description

A flaw was found in Tempo Operator: when a user deploys a TempoStack or TempoMonolithic instance, the operator creates a ServiceAccount for it together with a cluster-scoped ClusterRole and ClusterRoleBinding. Anyone with full access to that namespace can obtain the ServiceAccount's token (standard Kubernetes behaviour: a namespace admin can run a Pod as the ServiceAccount or request a token for it) and then use the cluster-wide permissions bound to it to submit TokenReview and SubjectAccessReview requests, learning which permissions other users hold. This does not allow privilege escalation or impersonation, but it discloses information that could aid reconnaissance for further attacks, which is why the CVSS impact is confidentiality-only (C:L, I:N, A:N).
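The practical question for an operator of a multi-tenant cluster is whether any namespace-scoped ServiceAccount has been handed cluster-wide `create` on `tokenreviews` or `subjectaccessreviews` through a ClusterRoleBinding, which is the pattern the advisory describes. The following is an added example written for this page, not code from Red Hat or the tempo-operator project: it walks ClusterRole and ClusterRoleBinding objects (as plain dicts, the shape `kubectl ... -o json` returns under `.items`) and reports the exposed ServiceAccounts. The sample objects and their names (`tempostack-simplest-tenant-a`, `tempo-simplest`, `tenant-a`, `configmap-reader`) are constructed for the example and are assumptions, not the operator's real resource names.

```python
"""Flag ServiceAccounts whose cluster-wide RBAC lets them create TokenReview
or SubjectAccessReview objects, the exposure described in CVE-2025-2786.

Added example for this page; not tempo-operator code. Inputs are plain dicts
shaped like Kubernetes ClusterRole / ClusterRoleBinding manifests.
"""

# (apiGroup, resource) pairs whose `create` verb gives the review capability.
REVIEW_RESOURCES = {
    ("authentication.k8s.io", "tokenreviews"),
    ("authorization.k8s.io", "subjectaccessreviews"),
}


def rule_grants_review(rule):
    """True if a single RBAC rule allows `create` (or `*`) on either review
    resource, honouring wildcard apiGroups/resources."""
    verbs = set(rule.get("verbs", []))
    if not ({"create", "*"} & verbs):
        return False
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    return any(
        ({group, "*"} & groups) and ({resource, "*"} & resources)
        for group, resource in REVIEW_RESOURCES
    )


def review_capable_roles(cluster_roles):
    """Names of ClusterRoles with at least one review-granting rule."""
    return {
        role["metadata"]["name"]
        for role in cluster_roles
        if any(rule_grants_review(rule) for rule in role.get("rules", []))
    }


def exposed_service_accounts(cluster_roles, bindings):
    """Return sorted 'namespace/name' strings for ServiceAccounts bound
    cluster-wide (ClusterRoleBinding) to a review-capable ClusterRole."""
    risky = review_capable_roles(cluster_roles)
    found = set()
    for binding in bindings:
        ref = binding.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in risky:
            continue
        for subject in binding.get("subjects", []):
            if subject.get("kind") == "ServiceAccount":
                found.add(f"{subject['namespace']}/{subject['name']}")
    return sorted(found)


# Constructed sample data (assumed names, not the operator's actual objects):
# one role/binding pair shaped like the advisory describes, plus a benign one.
SAMPLE_CLUSTER_ROLES = [
    {
        "kind": "ClusterRole",
        "metadata": {"name": "tempostack-simplest-tenant-a"},
        "rules": [
            {"apiGroups": ["authentication.k8s.io"],
             "resources": ["tokenreviews"], "verbs": ["create"]},
            {"apiGroups": ["authorization.k8s.io"],
             "resources": ["subjectaccessreviews"], "verbs": ["create"]},
        ],
    },
    {
        "kind": "ClusterRole",
        "metadata": {"name": "configmap-reader"},
        "rules": [{"apiGroups": [""], "resources": ["configmaps"],
                   "verbs": ["get", "list"]}],
    },
]

SAMPLE_BINDINGS = [
    {
        "kind": "ClusterRoleBinding",
        "metadata": {"name": "tempostack-simplest-tenant-a"},
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                    "kind": "ClusterRole", "name": "tempostack-simplest-tenant-a"},
        "subjects": [{"kind": "ServiceAccount", "name": "tempo-simplest",
                      "namespace": "tenant-a"}],
    },
    {
        "kind": "ClusterRoleBinding",
        "metadata": {"name": "configmap-reader"},
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                    "kind": "ClusterRole", "name": "configmap-reader"},
        "subjects": [{"kind": "ServiceAccount", "name": "reader",
                      "namespace": "tenant-b"}],
    },
]


if __name__ == "__main__":
    for sa in exposed_service_accounts(SAMPLE_CLUSTER_ROLES, SAMPLE_BINDINGS):
        print("cluster-wide TokenReview/SubjectAccessReview access:", sa)
```

Against a live cluster, feed the script the `.items` of `kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json`; every ServiceAccount it lists can be minted a token by that namespace's admins. For a one-off check of a single account, `kubectl auth can-i create subjectaccessreviews.authorization.k8s.io --as=system:serviceaccount:<namespace>:<serviceaccount>` asks the API server the same question directly.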

Key dates

Disclosure timeline

April 2, 2025 CVE published
March 22, 2026 Record updated