CVE-2025-2786

Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator

Description

A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users' permissions. While this does not allow privilege escalation or impersonation, it exposes information that could aid in gathering information for further attacks.

Remediation

Workaround:

  • Currently, no mitigation is available for this vulnerability.

Category

4.3
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Vendor Advisory redhat.com Vendor Advisory redhat.com
Affected: Red Hat Red Hat OpenShift distributed tracing 3.5.1
Affected: Red Hat Red Hat OpenShift distributed tracing 3.5.1
Affected: Red Hat Red Hat OpenShift distributed tracing 3
Affected: Red Hat Red Hat OpenShift distributed tracing 3
Affected: Red Hat Red Hat OpenShift distributed tracing 3
Affected: Red Hat Red Hat OpenShift distributed tracing 3
Affected: Red Hat Red Hat OpenShift distributed tracing 3
Published at:
Updated at:

References

Link Tags
https://access.redhat.com/errata/RHSA-2025:3607 vendor advisory
https://access.redhat.com/errata/RHSA-2025:3740 vendor advisory
https://access.redhat.com/security/cve/CVE-2025-2786 vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2354811 issue tracking

Frequently Asked Questions

What is the severity of CVE-2025-2786?
CVE-2025-2786 has been scored as a medium severity vulnerability.
How to fix CVE-2025-2786?
As a workaround for remediating CVE-2025-2786: Currently, no mitigation is available for this vulnerability.
Is CVE-2025-2786 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-2786 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-2786?
CVE-2025-2786 affects Red Hat Red Hat OpenShift distributed tracing 3.5.1, Red Hat Red Hat OpenShift distributed tracing 3.5.1, Red Hat Red Hat OpenShift distributed tracing 3, Red Hat Red Hat OpenShift distributed tracing 3, Red Hat Red Hat OpenShift distributed tracing 3, Red Hat Red Hat OpenShift distributed tracing 3, Red Hat Red Hat OpenShift distributed tracing 3.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.