Medium severity6.1NVD Advisory· Published Aug 30, 2024· Updated Jun 17, 2026
CVE-2024-8260
CVE-2024-8260
Description
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/open-policy-agent/opaGo | < 0.68.0 | 0.68.0 |
Affected products
114- osv-coords113 versionspkg:apk/chainguard/conftestpkg:apk/chainguard/conftest-fipspkg:apk/chainguard/cosignpkg:apk/chainguard/cosign-fipspkg:apk/chainguard/datadog-agentpkg:apk/chainguard/datadog-agent-core-integrationspkg:apk/chainguard/datadog-agent-core-integrations-fipspkg:apk/chainguard/datadog-agent-fakeintakepkg:apk/chainguard/datadog-agent-fakeintake-fipspkg:apk/chainguard/datadog-agent-fipspkg:apk/chainguard/datadog-agent-jmxpkg:apk/chainguard/datadog-agent-jmx-fipspkg:apk/chainguard/datadog-agent-oci-compatpkg:apk/chainguard/datadog-agent-oci-compat-fipspkg:apk/chainguard/datadog-agent-s6-overlaypkg:apk/chainguard/datadog-agent-s6-overlay-fipspkg:apk/chainguard/datadog-cluster-agentpkg:apk/chainguard/datadog-cluster-agent-fipspkg:apk/chainguard/datadog-cluster-agent-oci-compatpkg:apk/chainguard/datadog-cluster-agent-oci-compat-fipspkg:apk/chainguard/dogstatsdpkg:apk/chainguard/gatekeeper-3.17pkg:apk/chainguard/gatekeeper-3.17-compatpkg:apk/chainguard/gatekeeper-3.17-crdspkg:apk/chainguard/gatekeeper-3.17-crds-compatpkg:apk/chainguard/gatekeeper-3.17-gatorpkg:apk/chainguard/gatekeeper-fips-3.17pkg:apk/chainguard/gatekeeper-fips-3.17-compatpkg:apk/chainguard/k8sgptpkg:apk/chainguard/kotspkg:apk/chainguard/kots-compatpkg:apk/chainguard/kots-symlink-compatpkg:apk/chainguard/kubescapepkg:apk/chainguard/kyverno-1.11pkg:apk/chainguard/kyverno-1.12pkg:apk/chainguard/kyverno-background-controller-1.11pkg:apk/chainguard/kyverno-background-controller-1.12pkg:apk/chainguard/kyverno-background-controller-fips-1.11pkg:apk/chainguard/kyverno-background-controller-fips-1.12pkg:apk/chainguard/kyverno-cleanup-controller-1.11pkg:apk/chainguard/kyverno-cleanup-controller-1.12pkg:apk/chainguard/kyverno-cleanup-controller-fips-1.11pkg:apk/chainguard/kyverno-cleanup-controller-fips-1.12pkg:apk/chainguard/kyverno-cli-1.11pkg:apk/chainguard/kyverno-cli-1.12pkg:apk/chainguard/kyverno-cli-fips-1.11pkg:apk/chainguard/kyverno-cli-fips-1.12pkg:apk/chainguard/kyverno-fips-1.11pkg:apk/chainguard/kyverno-fips-1.12pkg:apk/chainguard/kyverno-init-container-1.11pkg:apk/chainguard/kyverno-init-container-1.12pkg:apk/chainguard/kyverno-init-container-fips-1.11pkg:apk/chainguard/kyverno-init-container-fips-1.12pkg:apk/chainguard/kyverno-reports-controller-1.11pkg:apk/chainguard/kyverno-reports-controller-1.12pkg:apk/chainguard/kyverno-reports-controller-fips-1.11pkg:apk/chainguard/kyverno-reports-controller-fips-1.12pkg:apk/chainguard/opapkg:apk/chainguard/policy-controllerpkg:apk/chainguard/policy-controller-fipspkg:apk/chainguard/policy-controller-testerpkg:apk/chainguard/policy-controller-tester-fipspkg:apk/chainguard/policy-controller-webhookpkg:apk/chainguard/snyk-clipkg:apk/chainguard/spire-agentpkg:apk/chainguard/spire-agent-fipspkg:apk/chainguard/spire-oidc-discovery-providerpkg:apk/chainguard/spire-oidc-discovery-provider-fipspkg:apk/chainguard/spire-serverpkg:apk/chainguard/spire-server-fipspkg:apk/chainguard/tfsecpkg:apk/chainguard/zarfpkg:apk/chainguard/zotpkg:apk/wolfi/conftestpkg:apk/wolfi/cosignpkg:apk/wolfi/cosign-fipspkg:apk/wolfi/datadog-agentpkg:apk/wolfi/datadog-agent-core-integrationspkg:apk/wolfi/datadog-agent-fakeintakepkg:apk/wolfi/datadog-agent-jmxpkg:apk/wolfi/datadog-agent-oci-compatpkg:apk/wolfi/datadog-agent-s6-overlaypkg:apk/wolfi/datadog-cluster-agentpkg:apk/wolfi/datadog-cluster-agent-oci-compatpkg:apk/wolfi/dogstatsdpkg:apk/wolfi/gatekeeper-3.17pkg:apk/wolfi/gatekeeper-3.17-compatpkg:apk/wolfi/gatekeeper-3.17-crdspkg:apk/wolfi/gatekeeper-3.17-crds-compatpkg:apk/wolfi/gatekeeper-3.17-gatorpkg:apk/wolfi/k8sgptpkg:apk/wolfi/kotspkg:apk/wolfi/kots-compatpkg:apk/wolfi/kots-symlink-compatpkg:apk/wolfi/kubescapepkg:apk/wolfi/kyverno-1.12pkg:apk/wolfi/kyverno-background-controller-1.12pkg:apk/wolfi/kyverno-cleanup-controller-1.12pkg:apk/wolfi/kyverno-cli-1.12pkg:apk/wolfi/kyverno-init-container-1.12pkg:apk/wolfi/kyverno-reports-controller-1.12pkg:apk/wolfi/opapkg:apk/wolfi/policy-controllerpkg:apk/wolfi/policy-controller-testerpkg:apk/wolfi/policy-controller-webhookpkg:apk/wolfi/snyk-clipkg:apk/wolfi/spire-agentpkg:apk/wolfi/spire-oidc-discovery-providerpkg:apk/wolfi/spire-serverpkg:apk/wolfi/tfsecpkg:apk/wolfi/zarfpkg:apk/wolfi/zotpkg:golang/github.com/open-policy-agent/opa
< 0.55.0-r2+ 112 more
- (no CPE)range: < 0.55.0-r2
- (no CPE)range: < 0.55.0-r2
- (no CPE)range: < 2.4.0-r4
- (no CPE)range: < 2.4.0-r3
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.64.1-r0
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.64.1-r0
- (no CPE)range: < 7.64.1-r0
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.64.1-r0
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.64.1-r0
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.64.1-r0
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.64.1-r0
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.64.1-r0
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 3.17.1-r2
- (no CPE)range: < 3.17.1-r2
- (no CPE)range: < 3.17.1-r2
- (no CPE)range: < 3.17.1-r2
- (no CPE)range: < 3.17.1-r2
- (no CPE)range: < 3.17.1-r2
- (no CPE)range: < 3.17.1-r2
- (no CPE)range: < 0.3.42-r1
- (no CPE)range: < 1.117.2-r1
- (no CPE)range: < 1.117.2-r1
- (no CPE)range: < 1.117.2-r1
- (no CPE)range: < 3.0.18-r0
- (no CPE)range: < 1.11.5-r16
- (no CPE)range: < 1.12.5-r4
- (no CPE)range: < 1.11.5-r16
- (no CPE)range: < 1.12.5-r4
- (no CPE)range: < 1.11.5-r21
- (no CPE)range: < 1.12.7-r9
- (no CPE)range: < 1.11.5-r16
- (no CPE)range: < 1.12.5-r4
- (no CPE)range: < 1.11.5-r21
- (no CPE)range: < 1.12.7-r9
- (no CPE)range: < 1.11.5-r16
- (no CPE)range: < 1.12.5-r4
- (no CPE)range: < 1.11.5-r21
- (no CPE)range: < 1.12.7-r9
- (no CPE)range: < 1.11.5-r21
- (no CPE)range: < 1.12.7-r9
- (no CPE)range: < 1.11.5-r16
- (no CPE)range: < 1.12.5-r4
- (no CPE)range: < 1.11.5-r21
- (no CPE)range: < 1.12.7-r9
- (no CPE)range: < 1.11.5-r16
- (no CPE)range: < 1.12.5-r4
- (no CPE)range: < 1.11.5-r21
- (no CPE)range: < 1.12.7-r9
- (no CPE)range: < 0.68.0-r0
- (no CPE)range: < 0.9.0-r10
- (no CPE)range: < 0.12.0-r7
- (no CPE)range: < 0.9.0-r10
- (no CPE)range: < 0.12.0-r7
- (no CPE)range: < 0.9.0-r10
- (no CPE)range: < 1.1293.1-r1
- (no CPE)range: < 1.11.2-r5
- (no CPE)range: < 1.12.0-r0
- (no CPE)range: < 1.11.2-r5
- (no CPE)range: < 1.12.0-r0
- (no CPE)range: < 1.11.2-r5
- (no CPE)range: < 1.12.0-r0
- (no CPE)range: < 1.28.10-r2
- (no CPE)range: < 0.40.1-r1
- (no CPE)range: < 2.1.1-r2
- (no CPE)range: < 0.55.0-r2
- (no CPE)range: < 2.4.0-r4
- (no CPE)range: < 2.4.0-r3
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 7.56.2-r2
- (no CPE)range: < 3.17.1-r2
- (no CPE)range: < 3.17.1-r2
- (no CPE)range: < 3.17.1-r2
- (no CPE)range: < 3.17.1-r2
- (no CPE)range: < 3.17.1-r2
- (no CPE)range: < 0.3.42-r1
- (no CPE)range: < 1.117.2-r1
- (no CPE)range: < 1.117.2-r1
- (no CPE)range: < 1.117.2-r1
- (no CPE)range: < 3.0.18-r0
- (no CPE)range: < 1.12.5-r4
- (no CPE)range: < 1.12.5-r4
- (no CPE)range: < 1.12.5-r4
- (no CPE)range: < 1.12.5-r4
- (no CPE)range: < 1.12.5-r4
- (no CPE)range: < 1.12.5-r4
- (no CPE)range: < 0.68.0-r0
- (no CPE)range: < 0.9.0-r10
- (no CPE)range: < 0.9.0-r10
- (no CPE)range: < 0.9.0-r10
- (no CPE)range: < 1.1293.1-r1
- (no CPE)range: < 1.11.2-r5
- (no CPE)range: < 1.11.2-r5
- (no CPE)range: < 1.11.2-r5
- (no CPE)range: < 1.28.10-r2
- (no CPE)range: < 0.40.1-r1
- (no CPE)range: < 2.1.1-r2
- (no CPE)range: < 0.68.0
- Styra/OPAv5Range: 0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-c77r-fh37-x2pxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-8260ghsaADVISORY
- www.tenable.com/security/research/tra-2024-36nvdThird Party AdvisoryWEB
- github.com/open-policy-agent/opa/commit/10f4d553e6bb6ae9c69611ecdd9a77dda857070eghsaWEB
- github.com/open-policy-agent/opa/releases/tag/v0.68.0ghsaWEB
- pkg.go.dev/vuln/GO-2024-3141ghsaWEB
News mentions
0No linked articles in our index yet.