CVE-2025-2842: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-2842 is a medium severity vulnerability in the Tempo Operator related to improper exposure of sensitive information. When the Jaeger UI Monitor Tab is enabled, the Tempo Operator creates a ClusterRoleBinding that grants broad cluster-monitoring-view permissions to the Tempo service account. An attacker with 'create' permissions on TempoStack and 'get' permissions on Secrets in a namespace can exploit this to read the Tempo service account token, thereby gaining access to cluster metrics. This vulnerability does not require user interaction but does require some level of privilege within the namespace. The flaw could lead to unauthorized disclosure of sensitive cluster monitoring data, potentially aiding further attacks. No known exploits are currently reported in the wild. European organizations using Tempo Operator in Kubernetes environments should review their role bindings and permissions to mitigate risk.
AI Analysis
Technical Summary
CVE-2025-2842 is a vulnerability discovered in the Tempo Operator, a Kubernetes operator managing Tempo instances for distributed tracing. The issue arises when the Jaeger UI Monitor Tab functionality is enabled within a Tempo instance managed by the operator. In this configuration, the operator automatically creates a ClusterRoleBinding that assigns the cluster-monitoring-view ClusterRole to the service account used by the Tempo instance. This ClusterRole grants read access to cluster-wide monitoring metrics. The vulnerability can be exploited if an attacker has 'create' permissions on TempoStack resources and 'get' permissions on Secrets within a namespace. Such permissions might be held by users with ClusterAdmin rights scoped to a namespace. By leveraging these permissions, the attacker can read the token of the Tempo service account from the Secrets resource, which is then used to access cluster metrics that should otherwise be restricted. This exposure of sensitive monitoring data could provide attackers with valuable insights into cluster operations and potentially aid in further exploitation or reconnaissance. The CVSS 3.1 score is 4.3 (medium severity), reflecting the limited scope and the requirement for some privileges to exploit. No authentication bypass or direct code execution is involved, and no user interaction is required. The vulnerability affects Tempo Operator versions prior to the patch (not specified here). No public exploits are currently known, but the flaw represents a risk in multi-tenant or shared Kubernetes environments where privilege boundaries are critical.
Potential Impact
For European organizations, especially those deploying Kubernetes clusters with Tempo Operator for observability, this vulnerability can lead to unauthorized disclosure of cluster monitoring data. Such data might include metrics that reveal system performance, resource usage, and potentially sensitive operational details. Attackers gaining this information could better understand cluster topology and workloads, facilitating targeted attacks or lateral movement. Organizations in sectors with strict data protection regulations (e.g., finance, healthcare, critical infrastructure) could face compliance risks if sensitive operational data is exposed. The impact is heightened in multi-tenant environments or managed Kubernetes services where namespace-level privileges are granted to different teams or customers. Although the vulnerability does not directly allow code execution or cluster takeover, the information disclosure could be a stepping stone for more severe attacks. The medium severity rating suggests that while the risk is not critical, it should not be ignored, particularly in environments with complex role-based access control (RBAC) configurations.
Mitigation Recommendations
European organizations should audit their Kubernetes RBAC configurations, focusing on permissions related to TempoStack resources and Secrets access within namespaces. Specifically, restrict 'create' permissions on TempoStack and 'get' permissions on Secrets to only trusted users and service accounts. Disable the Jaeger UI Monitor Tab functionality in Tempo instances unless absolutely necessary, as this triggers the creation of the risky ClusterRoleBinding. If the feature is required, consider manually managing ClusterRoleBindings to limit the scope of access granted to the Tempo service account. Implement strict namespace isolation and avoid granting ClusterAdmin or equivalent privileges scoped to namespaces unless justified. Regularly rotate service account tokens and monitor for unusual access patterns to Secrets and cluster monitoring APIs. Stay updated with Tempo Operator releases and apply patches addressing this vulnerability once available. Employ Kubernetes audit logging to detect attempts to read service account tokens or escalate privileges. Finally, consider using network policies and pod security policies to limit the exposure of monitoring components.
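One way to carry out the RBAC audit described above, as an added example that is not the page's or the Tempo Operator's own code: a Python script that scans an offline dump of ClusterRoleBindings and namespace Roles (constructed sample inline, hypothetical names; the TempoStack API group is assumed to be tempo.grafana.com) for service accounts bound to cluster-monitoring-view and for Roles that combine create on tempostacks with get on secrets, then reports the namespaces where both occur.

```python
import json

# Constructed sample (not real cluster output), in the shape of the "items" list of
# `kubectl get ... -o json`; all names are hypothetical. Item 1 is the kind of binding
# the operator creates when the Monitor Tab is on; item 3 holds both preconditions.
SAMPLE_RBAC = json.dumps({"items": [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "tempo-simplest-monitoring"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-monitoring-view"},
     "subjects": [{"kind": "ServiceAccount", "name": "tempo-simplest", "namespace": "tracing"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "prometheus-view"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-monitoring-view"},
     "subjects": [{"kind": "ServiceAccount", "name": "prometheus-k8s", "namespace": "monitoring"}]},
    {"kind": "Role", "metadata": {"name": "tenant-dev", "namespace": "tracing"},
     "rules": [{"apiGroups": ["tempo.grafana.com"], "resources": ["tempostacks"], "verbs": ["create"]},
               {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "viewer", "namespace": "monitoring"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]},
]})

MONITORING_ROLE = "cluster-monitoring-view"
TEMPO_GROUP = "tempo.grafana.com"  # assumed API group of the TempoStack CRD

def _rule_allows(rules, group, resource, verb):
    """True if any RBAC rule grants verb on group/resource (wildcards honoured)."""
    return any((group in r.get("apiGroups", []) or "*" in r.get("apiGroups", []))
               and (resource in r.get("resources", []) or "*" in r.get("resources", []))
               and (verb in r.get("verbs", []) or "*" in r.get("verbs", []))
               for r in rules)

def monitoring_view_service_accounts(rbac_json):
    """{namespace: [sa, ...]} of ServiceAccounts bound cluster-wide to cluster-monitoring-view."""
    out = {}
    for it in json.loads(rbac_json)["items"]:
        if it["kind"] == "ClusterRoleBinding" and it["roleRef"]["name"] == MONITORING_ROLE:
            for s in it.get("subjects", []):
                if s.get("kind") == "ServiceAccount":
                    out.setdefault(s["namespace"], []).append(s["name"])
    return out

def risky_roles(rbac_json):
    """Namespace Roles combining create on tempostacks with get on secrets (the advisory's pair)."""
    return [f'{it["metadata"]["namespace"]}/{it["metadata"]["name"]}'
            for it in json.loads(rbac_json)["items"] if it["kind"] == "Role"
            and _rule_allows(it["rules"], TEMPO_GROUP, "tempostacks", "create")
            and _rule_allows(it["rules"], "", "secrets", "get")]

def exposed_namespaces(rbac_json):
    """Namespaces where a monitoring-view SA and a risky Role coexist: fix these first."""
    sas = monitoring_view_service_accounts(rbac_json)
    return sorted({r.split("/")[0] for r in risky_roles(rbac_json)} & set(sas))
```

On a live cluster the same structure comes from `kubectl get clusterrolebindings -o json` and `kubectl get roles -A -o json`. RoleBindings that grant a ClusterRole inside a namespace would need the same check applied to the referenced ClusterRole's rules, which this example does not do.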
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2025-03-27T02:38:55.497Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682f99000acd01a249270038
Added to database: 5/22/2025, 9:37:04 PM
Last enriched: 1/21/2026, 2:52:13 AM
Last updated: 2/7/2026, 1:02:26 PM