An SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to the OPA CLI or to one of the OPA Go library’s functions.
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
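
A defensive pre-check for the input-validation gap described above, as an added Go example (not OPA's own code and not its v0.68.0 fix): it rejects UNC/SMB-style paths before a caller hands file arguments to a policy loader. The names `isUNC`, `CheckPolicyPaths` and `ErrRemotePath` and the sample paths are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrRemotePath marks a path that would make Windows contact a remote SMB host.
// (Hypothetical name, not part of the OPA API.)
var ErrRemotePath = errors.New("UNC/SMB path rejected")

// isUNC reports whether p is a network-share path: \\host\share, //host/share,
// or the device-namespace form \\?\UNC\host\share. It is pure string logic, so
// the result is the same on any build platform.
func isUNC(p string) bool {
	s := strings.ReplaceAll(p, "/", `\`)
	if !strings.HasPrefix(s, `\\`) {
		return false
	}
	rest := s[2:]
	// \\?\ and \\.\ address local devices unless followed by UNC\.
	if strings.HasPrefix(rest, `?\`) || strings.HasPrefix(rest, `.\`) {
		return strings.HasPrefix(strings.ToUpper(rest[2:]), `UNC\`)
	}
	return true // any other double-separator prefix is treated as a share
}

// CheckPolicyPaths returns an error for the first argument that names a share.
// Call it before passing user-supplied paths to a loader on Windows.
func CheckPolicyPaths(paths []string) error {
	for _, p := range paths {
		if isUNC(strings.TrimSpace(p)) {
			return fmt.Errorf("%w: %q", ErrRemotePath, p)
		}
	}
	return nil
}

func main() {
	// Constructed sample arguments.
	for _, p := range []string{`policy.rego`, `C:\policies\a.rego`,
		`\\198.51.100.7\share\a.rego`, `//fileserver/share/a.rego`,
		`\\?\UNC\fileserver\share\a.rego`, `\\?\C:\policies\a.rego`} {
		fmt.Printf("%-36s rejected=%v\n", p, CheckPolicyPaths([]string{p}) != nil)
	}
}
```
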
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Open_policy_agent | Openpolicyagent | * | 0.68.0 (excluding) |
| Red Hat OpenShift distributed tracing 3.4 | RedHat | rhosdt/tempo-gateway-opa-rhel8:sha256:08b32341cc141f5151497b2c8a321b19dc6e666004bd72f32d5900c7874da794 | * |