Primary

Context

Grafana Tempo S3 SSE-C Encryption Key Exposure Vulnerability

Vulnerability

A vulnerability in Grafana Tempo allows the S3 SSE-C encryption key to be exposed in plaintext through the /status/config endpoint. This could enable unauthorized users to access the key used for encrypting trace data stored in S3.

Impact

Exposing the S3 SSE-C encryption key in plaintext could allow unauthorized users to decrypt trace data stored in S3, potentially leading to unauthorized access to sensitive information.

Remediation

Users can upgrade to Grafana Tempo version 2.10.3 or later to address this vulnerability.

Added: Mar 26, 2026, 10:38 PM

Updated: Mar 26, 2026, 10:38 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

4.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

4.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Grafana Tempo S3 SSE-C Encryption Key Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating