RHSA-2025:3740HighCVSS 7.5
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.5.1 release
🔗 CVE IDs covered (5)
📋 Description
CVE-2025-2786 — tempo-operator: ServiceAccount Token Exposure Leading to Token and Subject Access Reviews in OpenShift Tempo Operator CVE-2025-2842 — tempo-operator: Tempo Operator Token Exposition lead to read sensitive data CVE-2025-22868 — golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws CVE-2025-29786 — github.com/expr-lang/expr: Memory Exhaustion in Expr Parser with Unrestricted Input CVE-2025-30204 — golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2025:3740
- externalhttps://access.redhat.com/security/cve/CVE-2025-22868
- externalhttps://access.redhat.com/security/cve/CVE-2025-2786
- externalhttps://access.redhat.com/security/cve/CVE-2025-2842
- externalhttps://access.redhat.com/security/cve/CVE-2025-29786
- externalhttps://access.redhat.com/security/cve/CVE-2025-30204
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3740.json