CVE-2022-36085

Опубликовано: 08 сент. 2022

Источник: nvd

CVSS3: 7.4

CVSS3: 9.8

EPSS Низкий

Описание

Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found, where the use of the with keyword to mock such a built-in function (a feature introduced in OPA v0.40.0), isn’t taken into account by WithUnsafeBuiltins. Multiple conditions need to be met in order to create an adverse effect. Version 0.43.1 contains a patch for this issue. As a workaround, avoid using the WithUnsafeBuiltins function and use the capabilities feature instead.

Ссылки

https://github.com/open-policy-agent/opa/commit/25a597bc3f4985162e7f65f9c36599f4f8f55823
Patch
Third Party Advisory
https://github.com/open-policy-agent/opa/commit/3e8c754ed007b22393cf65e48751ad9f6457fee8
Patch
Third Party Advisory
https://github.com/open-policy-agent/opa/pull/4540
Exploit
Patch
Third Party Advisory
https://github.com/open-policy-agent/opa/pull/4616
Exploit
Patch
Third Party Advisory
https://github.com/open-policy-agent/opa/releases/tag/v0.43.1
Third Party Advisory
https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr
Exploit
Patch
Third Party Advisory
https://github.com/open-policy-agent/opa/commit/25a597bc3f4985162e7f65f9c36599f4f8f55823
Patch
Third Party Advisory
https://github.com/open-policy-agent/opa/commit/3e8c754ed007b22393cf65e48751ad9f6457fee8
Patch
Third Party Advisory
https://github.com/open-policy-agent/opa/pull/4540
Exploit
Patch
Third Party Advisory
https://github.com/open-policy-agent/opa/pull/4616
Exploit
Patch
Third Party Advisory
https://github.com/open-policy-agent/opa/releases/tag/v0.43.1
Third Party Advisory
https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openpolicyagent:open_policy_agent:*:*:*:*:*:*:*:*

Версия от 0.40.0 (включая) до 0.43.1 (исключая)

EPSS

Процентиль: 78%

0.01107

Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

CVE-2022-36085

CVSS3: 9.8

redhat

больше 3 лет назад

Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found, where the use of the `with` keyword to mock such a built-in function (a feature introduced in OPA v0.40.0), isn’t taken into account by `WithUnsafeBuiltins`. Multiple conditions need to be met in order to create an adverse effect. Version 0.43.1 contains a patch for this issue. As a workaround, avoid using the `WithUnsafeBuiltins` function and use the `capabilities` feature instead.

GHSA-f524-rf33-2jjr

CVSS3: 7.4

github

больше 3 лет назад

OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions

EPSS

Процентиль: 78%

0.01107

Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo