{"data":{"id":"9b8ff006-ed01-45ea-a8a7-970256168923","title":"GHSA-cxh2-4639-vmc5: OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth","summary":"OpenTelemetry Operator's TargetAllocator has a vulnerability where a tenant who can create or update a ServiceMonitor (a Kubernetes resource that tells Prometheus what to monitor) can trick the Collector into reading arbitrary files from its pod and sending them as authentication credentials to an attacker-controlled endpoint. This allows attackers to steal the Collector's service account token (a credential that proves the pod's identity to Kubernetes) and potentially access sensitive cluster information or files.","solution":"PR #5104 adds a `DenyFSAccessThroughSMs` feature that causes the Target Allocator to drop ServiceMonitor and PodMonitor endpoints that reference arbitrary files on the filesystem. When enabled, endpoints with `bearerTokenFile`, `tlsConfig.caFile`, `tlsConfig.certFile`, or `tlsConfig.keyFile` are dropped from the produced scrape configuration while remaining endpoints are kept.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-cxh2-4639-vmc5","publishedAt":"2026-06-10T17:24:01.000Z","cveId":"CVE-2026-47701","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["github.com/open-telemetry/opentelemetry-operator@< 0.152.0 (fixed: 0.152.0)"],"affectedVendors":[],"affectedVendorsRaw":["OpenTelemetry","Prometheus Operator"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-06-10T17:24:01.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}