{"data":{"id":"5a36eb44-e4cb-4060-929b-b6e0f766b214","title":"GHSA-8gmg-3w2q-65f4: OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR","summary":"OpenTelemetry eBPF Instrumentation (OBI) has a vulnerability where a local attacker controlling a Java process can overwrite arbitrary host files when Java injection is enabled and OBI runs with elevated privileges (special system permissions). The flaw occurs because the injector trusts an environment variable called TMPDIR from the target process without proper validation, and uses unsafe file creation methods that allow symlink attacks (where an attacker creates a link pointing to a different file to trick the system into overwriting it).","solution":"Upgrade to https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.8.0.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-8gmg-3w2q-65f4","publishedAt":"2026-04-17T22:21:41.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["go.opentelemetry.io/obi@>= 0.4.0, < 0.8.0 (fixed: 0.8.0)"],"affectedVendors":[],"affectedVendorsRaw":["OpenTelemetry"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-04-17T22:21:41.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}