
CVE-2025-2842: Exposure of Sensitive Information to an Unauthorized Actor

Severity: Medium
Published: Wed Apr 02 2025 (04/02/2025, 11:09:55 UTC)
Source: CVE

Description

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be exploited if a user has 'create' permissions on TempoStack and 'get' permissions on Secret in a namespace (for example, a user has ClusterAdmin permissions for a specific namespace), as the user can read the token of the Tempo service account and therefore has access to see all cluster metrics.

AI-Powered Analysis

Last updated: 11/20/2025, 21:49:16 UTC

Technical Analysis

CVE-2025-2842 is a vulnerability discovered in the Tempo Operator, a Kubernetes operator managing Tempo instances. The issue arises when the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Operator. In this configuration, the Operator automatically creates a ClusterRoleBinding that grants the cluster-monitoring-view ClusterRole to the Service Account used by the Tempo instance. This ClusterRole provides read access to cluster metrics, which are sensitive operational data. The vulnerability can be exploited if an attacker or user has 'create' permissions on TempoStack resources and 'get' permissions on Kubernetes Secrets within a namespace. Under these conditions, the attacker can retrieve the token of the Tempo service account by reading the Secret associated with it. Possession of this token allows the attacker to impersonate the Tempo service account and access all cluster metrics, potentially exposing sensitive monitoring data. The vulnerability does not allow modification or disruption of cluster resources, only unauthorized read access to metrics. The CVSS 3.1 base score is 4.3 (medium), reflecting the limited impact on confidentiality and no impact on integrity or availability. Exploitation requires some level of privilege within the namespace but no user interaction. There are no known public exploits or active exploitation reported at this time. The vulnerability highlights the risk of over-permissive RBAC configurations and the need for careful management of service account tokens and Secret access in Kubernetes environments.
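The exploit precondition above is a combination of two namespace permissions, which can come from one binding (a namespace-scoped cluster-admin) or from several. As an added example that is not part of the advisory, the following Python script takes RBAC objects in the shape of `kubectl get roles,clusterroles,rolebindings -o json`, aggregates every binding per subject, and lists the subjects holding both 'create' on TempoStack and 'get' on Secrets in the same namespace. It assumes the TempoStack CRD belongs to the API group tempo.grafana.com; the roles, bindings and user names are constructed samples.

```python
# Added example (not from the advisory): list namespace RBAC subjects that hold BOTH
# 'create' on tempostacks AND 'get' on secrets, the precondition CVE-2025-2842 requires.
# Assumption: the TempoStack CRD lives in API group tempo.grafana.com. Samples are constructed.

TEMPO_GROUP = "tempo.grafana.com"

def rule_allows(rule, group, resource, verb):
    """True if one PolicyRule grants `verb` on `group/resource` ('*' wildcards honoured)."""
    return (any(g in ("*", group) for g in rule.get("apiGroups", []))
            and any(r in ("*", resource) for r in rule.get("resources", []))
            and any(v in ("*", verb) for v in rule.get("verbs", [])))

def risky_subjects(roles, bindings):
    """Aggregate every RoleBinding per (namespace, subject) and return those whose
    combined rules grant both TempoStack 'create' and Secret 'get'."""
    index = {}  # (namespace, or None for a ClusterRole; name) -> rules
    for r in roles:
        ns = r["metadata"].get("namespace") if r["kind"] == "Role" else None
        index[(ns, r["metadata"]["name"])] = r.get("rules", [])
    perms = {}  # (namespace, "Kind/name") -> set of granted preconditions
    for b in bindings:
        ns, ref = b["metadata"]["namespace"], b["roleRef"]
        rules = index.get((ns if ref["kind"] == "Role" else None, ref["name"]), [])
        for s in b.get("subjects", []):
            got = perms.setdefault((ns, f'{s["kind"]}/{s["name"]}'), set())
            if any(rule_allows(r, TEMPO_GROUP, "tempostacks", "create") for r in rules):
                got.add("create-tempostack")
            if any(rule_allows(r, "", "secrets", "get") for r in rules):
                got.add("get-secret")
    return sorted(k for k, v in perms.items() if len(v) == 2)

# Constructed sample: alice is namespace admin via cluster-admin, bob gets each half from
# a separate binding, carol can only create TempoStacks and so is not flagged.
SAMPLE_ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"namespace": "tracing", "name": "tempo-editor"},
     "rules": [{"apiGroups": [TEMPO_GROUP], "resources": ["tempostacks"], "verbs": ["create", "update"]}]},
    {"kind": "Role", "metadata": {"namespace": "tracing", "name": "secret-reader"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
]
SAMPLE_BINDINGS = [
    {"metadata": {"namespace": "tracing", "name": "ns-admin"}, "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"metadata": {"namespace": "tracing", "name": "bob-edit"}, "roleRef": {"kind": "Role", "name": "tempo-editor"},
     "subjects": [{"kind": "User", "name": "bob"}]},
    {"metadata": {"namespace": "tracing", "name": "bob-secrets"}, "roleRef": {"kind": "Role", "name": "secret-reader"},
     "subjects": [{"kind": "User", "name": "bob"}]},
    {"metadata": {"namespace": "tracing", "name": "carol-edit"}, "roleRef": {"kind": "Role", "name": "tempo-editor"},
     "subjects": [{"kind": "User", "name": "carol"}]},
]
```

Running `risky_subjects(SAMPLE_ROLES, SAMPLE_BINDINGS)` returns alice and bob but not carol; against a live cluster, feed it the JSON `items` of the three resource kinds for each namespace that hosts a TempoStack.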

Potential Impact

For European organizations, the exposure of cluster metrics can lead to information disclosure about infrastructure, workloads, and performance characteristics, which could aid attackers in reconnaissance and subsequent targeted attacks. Organizations relying on Kubernetes clusters with Tempo Operator and Jaeger UI Monitor Tab enabled may inadvertently expose sensitive monitoring data if namespace permissions are not tightly controlled. While the vulnerability does not allow direct disruption or data modification, the leakage of operational metrics can reveal system weaknesses or usage patterns. This could be particularly impactful for sectors with strict data protection requirements or critical infrastructure, such as finance, healthcare, and energy. Additionally, the exposure of cluster metrics may violate compliance requirements related to confidentiality of operational data. The medium severity rating suggests a moderate risk, but the actual impact depends on the specific cluster configurations and privilege assignments within the organization’s Kubernetes environment.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Review and restrict RBAC permissions to ensure that users or service accounts do not have unnecessary 'create' permissions on TempoStack resources or 'get' permissions on Secrets within namespaces.
2) Limit access to the Tempo service account token by restricting Secret read permissions only to trusted entities.
3) Consider disabling the Jaeger UI Monitor Tab functionality in the Tempo Operator if it is not required, as this feature triggers the creation of the risky ClusterRoleBinding.
4) Implement Kubernetes RBAC best practices by applying the principle of least privilege, especially around Secret access and cluster monitoring roles.
5) Monitor audit logs for unusual access patterns to Secrets and TempoStack resources.
6) Stay updated with vendor patches or advisories related to Tempo Operator and apply them promptly once available.
7) Use network policies and pod security policies to further isolate sensitive components and reduce the attack surface.
8) Conduct regular security reviews of Kubernetes cluster configurations and service account bindings to detect and remediate over-permissive access.
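Recommendation 5 becomes concrete when the two resource types are correlated rather than alerted on separately. This added Python example (not the advisory's or the Tempo project's code) reads Kubernetes audit events as JSON lines and flags a successful TempoStack 'create' followed, within a window, by the same user successfully reading a Secret in the same namespace. The audit lines, user names and secret names are constructed, and the one-hour window is an assumed tuning value.

```python
# Added example (not from the advisory): correlate Kubernetes audit events to detect a user who
# creates a TempoStack and then reads a Secret in the same namespace. Sample data is constructed.
import json
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # assumed tuning value, not from the advisory

def parse_log(text):
    """Audit log files are JSON lines; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def _ts(ev):
    return datetime.strptime(ev["requestReceivedTimestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")

def correlate(events, window=WINDOW):
    """Track the last successful TempoStack 'create' per (user, namespace); flag a later
    successful Secret 'get'/'list' by the same user in the same namespace within `window`."""
    last_create, findings = {}, []
    for ev in sorted(events, key=_ts):
        # only completed, successful requests count; denied attempts (403) are not correlated here
        if ev.get("stage") != "ResponseComplete" or ev.get("responseStatus", {}).get("code", 0) >= 300:
            continue
        ref = ev.get("objectRef", {})
        key, when = (ev["user"]["username"], ref.get("namespace")), _ts(ev)
        if ev["verb"] == "create" and ref.get("resource") == "tempostacks":
            last_create[key] = when
        elif ev["verb"] in ("get", "list") and ref.get("resource") == "secrets":
            created = last_create.get(key)
            if created is not None and when - created <= window:
                findings.append({"user": key[0], "namespace": key[1], "secret": ref.get("name"),
                                 "seconds_after_create": int((when - created).total_seconds())})
    return findings

# Constructed sample: alice creates a TempoStack and reads a token Secret 150 s later (flagged);
# bob reads a Secret with no preceding create (not flagged); alice's 403 read is ignored.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"stage": "ResponseComplete", "verb": "create", "requestReceivedTimestamp": "2025-04-02T11:00:00.000000Z",
     "user": {"username": "alice"}, "objectRef": {"resource": "tempostacks", "namespace": "tracing", "name": "simplest"},
     "responseStatus": {"code": 201}},
    {"stage": "ResponseComplete", "verb": "get", "requestReceivedTimestamp": "2025-04-02T11:02:30.000000Z",
     "user": {"username": "alice"}, "objectRef": {"resource": "secrets", "namespace": "tracing", "name": "tempo-simplest-token-abc12"},
     "responseStatus": {"code": 200}},
    {"stage": "ResponseComplete", "verb": "get", "requestReceivedTimestamp": "2025-04-02T11:03:00.000000Z",
     "user": {"username": "bob"}, "objectRef": {"resource": "secrets", "namespace": "tracing", "name": "tempo-simplest-token-abc12"},
     "responseStatus": {"code": 200}},
    {"stage": "ResponseComplete", "verb": "get", "requestReceivedTimestamp": "2025-04-02T11:05:00.000000Z",
     "user": {"username": "alice"}, "objectRef": {"resource": "secrets", "namespace": "tracing", "name": "other"},
     "responseStatus": {"code": 403}},
])
```

The audit policy must log Secret requests at least at Metadata level for this to work, and the Operator's own controller identity should be excluded from the matching if it is ever permitted to read these Secrets.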


Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2025-03-27T02:38:55.497Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682f99000acd01a249270038

Added to database: 5/22/2025, 9:37:04 PM

Last enriched: 11/20/2025, 9:49:16 PM

Last updated: 1/7/2026, 4:24:30 AM

