A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
Name | Vendor | Start Version | End Version |
---|---|---|---|
Open_policy_agent | Openpolicyagent | * | 0.68.0 (excluding) |
Red Hat OpenShift distributed tracing 3.4 | RedHat | registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8:sha256:831bc3d120a4998eb256c44aa54887add11cceb817cf6a105733cfd828f58c5c | * |