Approved changes feed: RSS · Atom
cpe:2.3:a:grafana:tempo:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Grafana (7564912d-bb81-50cf-9eb9-f573ac2fa519) |
|---|---|
| Product | Tempo (a1040b06-74c1-569a-823a-86452ae46b36) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/grafana/tempo |
purl2cpe | 2026-06-01 10:14:45.989914 |
pkg:golang/github.com/grafana/tempo |
purl2cpe | 2026-06-01 10:14:45.989916 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-28377 |
vulnerable | 2026-06-03 15:18:08.342263 |
S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint (CVE-2025-41118 Pattern)
HIGH (7.5)
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3.
Thanks to william_goodfellow for reporting this vulnerability.
Published: 2026-03-26T21:39:46.928Z
Updated: 2026-05-13T19:28:35.388Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-21728 |
vulnerable | 2026-06-03 15:15:51.542768 |
Tempo query limit results in unbounded memory allocation
HIGH (7.5)
Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy.
Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18).
Published: 2026-04-24T08:00:47.074Z
Updated: 2026-05-13T19:28:30.906Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.