Unknown · Opentelemetry.Exporter.Opentelemetryprotocol · CVE-2026-42191
**Name of the Vulnerable Software and Affected Versions**
OpenTelemetry.Exporter.OpenTelemetryProtocol versions 1.8.0 through 1.15.2
**Description**
The OTLP disk retry feature silently falls back to `Path.GetTempPath()` when `OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY` is set to `disk` but `OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH` is not configured. The exporter stores and loads `*.blob` files under fixed subdirectories (`traces`, `metrics`, `logs`) within that shared temporary root path. On multi-user systems where the temporary directory is accessible to other local accounts, this allows an attacker to write crafted `*.blob` files, which the `OtlpExporterPersistentStorageTransmissionHandler()` function then forwards to the OTLP endpoint under the application's identity. Additionally, attackers can read `*.blob` files to recover encoded telemetry payloads, or deposit numerous oversized files to consume disk space and degrade retry-loop performance.
**Recommendations**
Update to version 1.15.3.
Configure a dedicated directory with strict ACL/ownership and least privilege for `OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH` to ensure it is not shared across users.
Avoid enabling disk retry in shared environments.
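An audit helper for the two settings named above, added here as an example (it is not part of the advisory or of the OpenTelemetry project): `otlp_disk_retry_check` fails when disk retry is enabled without a directory, when the configured directory sits under the shared temp root, or when it is reachable by other accounts, and `setup_private_retry_dir` applies the recommended owner-only configuration. It assumes a Unix host where `Path.GetTempPath()` resolves to `$TMPDIR` or `/tmp`.

```shell
#!/bin/sh
# Added audit helper (not from the advisory or the OpenTelemetry project).
# Assumes a Unix host where Path.GetTempPath() resolves to $TMPDIR or /tmp.

# Exit 0 when the disk-retry settings are safe; non-zero with a reason otherwise.
otlp_disk_retry_check() {
    retry="${OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY:-}"
    dir="${OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH:-}"
    tmp="${TMPDIR:-/tmp}"; tmp="${tmp%/}"; [ -n "$tmp" ] || tmp=/tmp

    # Disk retry off: nothing is persisted, nothing to check.
    [ "$retry" = "disk" ] || { echo "ok: disk retry not enabled"; return 0; }

    # No path configured: the exporter falls back to the shared temp root.
    if [ -z "$dir" ]; then
        echo "FAIL: disk retry enabled without a directory (falls back to $tmp)"
        return 1
    fi

    # A configured path that still lives under the shared temp root is no better.
    case "$dir" in
        "$tmp"|"$tmp"/*) echo "FAIL: $dir is under the shared temp root $tmp"; return 2 ;;
    esac

    [ -d "$dir" ] || { echo "FAIL: $dir does not exist"; return 3; }

    # Group/other bits (columns 5-10 of 'ls -ld') must all be clear.
    mode=$(ls -ld "$dir" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "FAIL: $dir is reachable by other users (perms $mode)"; return 4; }

    # The directory must belong to the account that runs the exporter.
    [ -O "$dir" ] || { echo "FAIL: $dir is not owned by $(id -un)"; return 5; }

    echo "ok: $dir is private to $(id -un)"
    return 0
}

# Recommended configuration: a dedicated, owner-only directory outside the temp root.
setup_private_retry_dir() {
    dir="$1"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY=disk
    OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH="$dir"
    export OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH
}
```

Run the check from the same environment (service unit, container entrypoint) that the instrumented .NET process inherits, since the exporter reads these variables at startup.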