Lucene search

K
cvelistGitHub_MCVELIST:CVE-2022-36085
HistorySep 08, 2022 - 1:30 p.m.

CVE-2022-36085 OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions

2022-09-0813:30:16
CWE-20
CWE-693
GitHub_M
www.cve.org

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found, where the use of the with keyword to mock such a built-in function (a feature introduced in OPA v0.40.0), isn’t taken into account by WithUnsafeBuiltins. Multiple conditions need to be met in order to create an adverse effect. Version 0.43.1 contains a patch for this issue. As a workaround, avoid using the WithUnsafeBuiltins function and use the capabilities feature instead.

CNA Affected

[
  {
    "product": "opa",
    "vendor": "open-policy-agent",
    "versions": [
      {
        "status": "affected",
        "version": ">= 0.40.0, < 0.43.1"
      }
    ]
  }
]

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

Related for CVELIST:CVE-2022-36085