Description
An SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.
An SMB force-authentication vulnerability exists in all versions of OPA. The vulnerability exists due to improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or one of the OPA Go library’s functions.
Report
The SMB force-authentication vulnerability in OPA for Windows builds is classified as moderate severity due to its specific exploitation requirements and potential impact. The flaw arises from improper input validation, allowing an attacker to supply an arbitrary SMB share instead of a Rego file. However, exploitation of this issue necessitates direct access to the OPA CLI or its Go library functions, and the attacker must have the ability to influence the arguments passed to these components. While it could lead to unauthorized access or manipulation of data if exploited, the attack vector is limited and requires specific conditions to be met.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/lokistack-gateway-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/opa-openshift-rhel8 | Not affected | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-validation-rhel9 | Affected | ||
| Red Hat Connectivity Link 1 | authorino-container | Affected | ||
| Red Hat OpenShift distributed tracing 3 | rhosdt/tempo-gateway-opa-rhel8 | Affected | ||
| Red Hat OpenShift distributed tracing 3.4 | registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8 | Fixed | RHSA-2024:10948 | 11.12.2024 |
Additional information
Status:
EPSS
CVSS3: 6.1 Medium
Related vulnerabilities
An SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.
OPA for Windows has an SMB force-authentication vulnerability