Technology: loki
| ID | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|
| CRE-2025-0029 Low Impact: 6/10 Mitigation: 5/10 | Loki fails to retrieve AWS credentials when specifying S3 endpoint with IRSA | - When deploying Grafana Loki with AWS S3 as the storage backend and specifying a custom S3 endpoint (e.g., for FIPS compliance or GovCloud regions), Loki may fail to retrieve AWS credentials via IAM Roles for Service Accounts (IRSA). This results in errors during startup or when attempting to upload index tables, preventing Loki from functioning correctly. | Storage | loki | LokiS3AWSIrsaStorageAuthenticationHelmPublic |
| CRE-2025-0032 Low Impact: 2/10 Mitigation: 4/10 | Loki generates excessive logs when memcached service port name is incorrect | Loki instances using memcached for caching may emit excessive warning or error logs when the configured`memcached_client` service port name does not match the actual Kubernetes service port. This does not cause a crash or failure, but it results in noisy logs and ineffective caching behavior. | Observability Problems | loki | LokiMemcachedConfigurationServiceCacheKnown IssueKubernetesPublic |
| CRE-2025-0038 Low Impact: 5/10 Mitigation: 3/10 | Loki fails to cache entries due to Memcached out-of-memory error | Grafana Loki may emit errors when attempting to write to a Memcached backend that has run out of available memory. This results in dropped index or query cache entries, which can degrade query performance but does not interrupt ingestion. | Observability Problems | loki | LokiMemcachedCacheMemoryInfrastructureKnown IssuePublic |