Описание
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.68.0 (исключая)
Одновременно
cpe:2.3:a:openpolicyagent:open_policy_agent:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00096
Низкий
6.1 Medium
CVSS3
7.3 High
CVSS3
Дефекты
CWE-294
CWE-294
Связанные уязвимости
CVSS3: 6.1
redhat
больше 1 года назад
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.
CVSS3: 6.1
github
больше 1 года назад
OPA for Windows has an SMB force-authentication vulnerability
EPSS
Процентиль: 27%
0.00096
Низкий
6.1 Medium
CVSS3
7.3 High
CVSS3
Дефекты
CWE-294
CWE-294