漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Tempo TraceQL query with exemplar hint could result in unbounded memory usage
Vulnerability Description
A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
Grafana Tempo 安全漏洞
Vulnerability Description
Grafana tempo是Grafana公司开源的一个分布式追踪后端服务。 Grafana Tempo 2.8.8之前版本和Grafana Tempo 2.10.2之前版本存在安全漏洞,该漏洞源于TraceQL查询中大量exemplars hint值导致内存分配过多,可能允许已认证用户触发拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A