216.73.217.47

CVE-2024-8260

· Published 30/08/2024 13:15 · Modified 19/09/2024 16:08

Labels: CVE-2024-8260 2024-08-30CVE-2024-8260CWE-294[email protected]

Essential information

Published
30/08/2024 13:15
Modified
19/09/2024 16:08
Author
Creator
CVSS
7.3 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
openpolicyagent / open policy agent cpe:2.3:a:openpolicyagent:open_policy_agent:*:*:*:*:*:*:*:*
microsoft / windows cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References