VYPR
Moderate severityNVD Advisory· Published Aug 30, 2024· Updated Aug 30, 2024

OPA SMB Force-Authentication

CVE-2024-8260

Description

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/open-policy-agent/opaGo
< 0.68.00.68.0

Affected products

114

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.