{"id":"GO-2026-5161","summary":"Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in github.com/grafana/tempo-operator","details":"Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in github.com/grafana/tempo-operator","aliases":["CVE-2025-2842","GHSA-5xf3-gmx4-529v"],"modified":"2026-06-25T18:45:13.503963271Z","published":"2026-06-25T18:26:48Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2026-5161","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-5xf3-gmx4-529v"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2842"},{"type":"FIX","url":"https://github.com/grafana/tempo-operator/commit/60b538c45f76755262e211d8df0e601a716308c7"},{"type":"FIX","url":"https://github.com/grafana/tempo-operator/pull/1144"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:3607"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:3740"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2025-2842"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355219"},{"type":"WEB","url":"https://github.com/grafana/tempo-operator/blob/8d1c7f13cb0f8db490144b04665b1fd6a2d56307/CHANGELOG.md?plain=1#L342"}],"affected":[{"package":{"name":"github.com/grafana/tempo-operator","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/tempo-operator"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.16.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-5161.json"}}],"schema_version":"1.7.5"}