PT-2026-26315 · Grafana+1 · Grafana Tempo+1

William_Goodfellow

·

Publicado

2026-03-16

·

Atualizado

2026-06-25

·

CVE-2026-28377

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Grafana Tempo versions prior to 2.10.3
Description A flaw exists in Grafana Tempo that results in the exposure of the S3 SSE-C encryption key in plaintext. This exposure occurs through the /status/config API endpoint. Successful exploitation could allow unauthorized users to obtain the key used to encrypt trace data stored in S3.
Recommendations Update to version 2.10.3 or later.

Exploit

Correção

Inadequate Encryption Strength

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

BDU:2026-06943
CLEANSTART-2026-KC83705
CLEANSTART-2026-YF74364
CLEANSTART-2026-ZI02697
CVE-2026-28377
GHSA-FFQX-Q65F-36JF
GO-2026-5359
OPENSUSE-SU-2026:10390-1

Produtos afetados

Grafana Tempo
Red Os