CVE-2024-8260

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-8260

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8260.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-8260

Aliases

Related

Published

2024-08-30T13:15:12Z

Modified

2025-02-19T03:39:50.085824Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.

References

https://www.tenable.com/security/research/tra-2024-36

Affected packages

Git / github.com/open-policy-agent/opa

Affected ranges

Type: GIT
Repo: https://github.com/open-policy-agent/opa
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

db53d77c482676fadd53bc67a10cf75b3d0ce00b

Affected versions

v0.*

v0.1.0

v0.1.0-rc1

v0.1.0-rc2

v0.1.0-rc3

v0.10.0

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.10.6

v0.10.7

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.15.1

v0.16.0

v0.17.0

v0.17.1

v0.17.2

v0.18.0

v0.19.0

v0.19.0-rc1

v0.19.1

v0.2.0

v0.2.1

v0.2.2

v0.20.0

v0.20.1

v0.20.2

v0.21.0

v0.22.0

v0.23.0

v0.24.0

v0.25.0

v0.25.0-rc1

v0.25.0-rc3

v0.25.0-rc4

v0.25.1

v0.25.2

v0.26.0

v0.27.0

v0.27.1

v0.28.0

v0.29.0

v0.29.1

v0.29.2

v0.29.3

v0.29.4

v0.3.0

v0.3.1

v0.30.0

v0.30.0-rc0

v0.30.1

v0.31.0

v0.32.0

v0.33.0

v0.34.0

v0.35.0

v0.36.0

v0.37.0

v0.38.0

v0.39.0

v0.4.0

v0.4.1

v0.4.10

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.4.9

v0.40.0

v0.41.0

v0.42.0

v0.43.0

v0.44.0

v0.45.0

v0.46.0

v0.46.1

v0.47.0

v0.48.0

v0.49.0

v0.5.0

v0.5.1

v0.5.10

v0.5.11

v0.5.12

v0.5.13

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.5.7

v0.5.8

v0.5.9

v0.50.0

v0.51.0

v0.52.0

v0.53.0

v0.54.0

v0.55.0

v0.56.0

v0.57.0

v0.58.0

v0.59.0

v0.6.0

v0.60.0

v0.61.0

v0.62.0

v0.62.1

v0.63.0

v0.64.0

v0.65.0

v0.66.0

v0.67.0

v0.7.0

v0.7.1

v0.8.0

v0.8.1

v0.8.2

v0.9.0

v0.9.1

v0.9.2

v0.9.3-rc1

v0.9.3-rc2

v0.9.3-rc3