An SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to the OPA CLI or to one of the OPA Go library’s functions.
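A caller-side check for the input-validation gap described above, as an added example (not OPA's code and not its v0.68.0 fix): the hypothetical `CheckPolicyPath` rejects UNC-style arguments before they reach a policy loader. It assumes arguments arrive as plain paths or `file:` URLs; the hostnames and paths are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ErrRemotePath marks an argument that Windows would resolve to an SMB share.
var ErrRemotePath = errors.New("policy path points at a UNC/SMB location")

// CheckPolicyPath (hypothetical helper) vets one path argument using string
// checks only, so the verdict is the same on every OS the caller runs on.
func CheckPolicyPath(arg string) error {
	p := arg
	if strings.HasPrefix(strings.ToLower(arg), "file:") {
		u, err := url.Parse(arg)
		if err != nil {
			return fmt.Errorf("unparseable file URL %q: %w", arg, err)
		}
		// file://host/share/... maps to \\host\share\... on Windows.
		if u.Host != "" && !strings.EqualFold(u.Host, "localhost") {
			return fmt.Errorf("%w: %q", ErrRemotePath, arg)
		}
		if p = u.Path; u.Opaque != "" {
			p = u.Opaque // e.g. file:\\host\share, which has no URL path
		}
	}
	// Windows accepts either separator, so normalise before matching.
	n := strings.ReplaceAll(p, "/", `\`)
	if !strings.HasPrefix(n, `\\`) {
		return nil // relative, rooted or drive-letter path
	}
	// The only double-backslash form let through is \\?\C:\..., a local drive.
	if r := strings.TrimPrefix(n, `\\?\`); r != n && len(r) >= 3 &&
		(r[0]|0x20) >= 'a' && (r[0]|0x20) <= 'z' && r[1] == ':' && r[2] == '\\' {
		return nil
	}
	return fmt.Errorf("%w: %q", ErrRemotePath, arg)
}

func main() {
	// Constructed sample arguments.
	for _, a := range []string{`policy.rego`, `\\fileserver.example\share\policy.rego`} {
		fmt.Printf("%-45q -> %v\n", a, CheckPolicyPath(a))
	}
}
```

The check is deliberately strict: other `\\?\` and `\\.\` device forms are refused along with network shares.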
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
Name | Vendor | Start Version | End Version |
---|---|---|---|
Open_policy_agent | Openpolicyagent | * | 0.68.0 (excluding) |
Red Hat OpenShift distributed tracing 3 | RedHat | tempo-gateway-opa-rhel8 | * |
Red Hat OpenShift distributed tracing 3 | RedHat | tempo-gateway-rhel8 | * |
Red Hat OpenShift distributed tracing 3 | RedHat | tempo-jaeger-query-rhel8 | * |
Red Hat OpenShift distributed tracing 3 | RedHat | tempo-operator-bundle | * |
Red Hat OpenShift distributed tracing 3 | RedHat | tempo-query-rhel8 | * |
Red Hat OpenShift distributed tracing 3 | RedHat | tempo-rhel8 | * |
Red Hat OpenShift distributed tracing 3 | RedHat | tempo-rhel8-operator | * |