Lucene search
K

170 matches found

Vulnrichment
Vulnrichment
added 2025/05/01 7:32 p.m.6 views

CVE-2025-46569 OPA server Data API HTTP path injection of Rego

Open Policy Agent OPA is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

7.4CVSS6.6AI score0.0036EPSS
Exploits0References2
OSV
OSV
added 2025/05/01 5:2 p.m.6 views

GHSA-6M8W-JC87-6CR7 OPA server Data API HTTP path injection of Rego

Impact When run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used...

7.4CVSS7AI score0.0036EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/05/01 5:2 p.m.25 views

OPA server Data API HTTP path injection of Rego

Impact When run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used...

7.4CVSS7AI score0.0036EPSS
Exploits0References5Affected Software3
Wolfi
Wolfi
added 2025/03/20 4:43 a.m.13 views

GHSA-265R-HFXG-FHMG vulnerabilities

Vulnerabilities for packages: opa-envoy, zarf, grype, helm-push, newrelic-infrastructure-agent, nerdctl, fuse-overlayfs-snapshotter, flux-source-controller, trivy, ctop, syft, kubescape, wolfictl, linkerd2, skaffold, kubevela, melange, eksctl, envoy-gateway, kargo, docker-cli-buildx, k3s, zot,...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2024-8260

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input...

7.3CVSS7.2AI score0.00321EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/14 3:46 p.m.2 views

Malicious code in opa-fe-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0912f1fa265b4c148d99d5ebf17f99f098efa46a5222a44acee011d8ab0680df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
OSV
OSV
added 2024/11/14 3:46 p.m.3 views

MAL-2024-10764 Malicious code in opa-fe-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0912f1fa265b4c148d99d5ebf17f99f098efa46a5222a44acee011d8ab0680df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
The Hacker News
The Hacker News
added 2024/10/22 2:12 p.m.24 views

Security Flaw in Styra's OPA Exposes NTLM Hashes to Remote Attackers

Details have emerged about a now-patched security flaw in Styra's Open Policy Agent OPA that, if successfully exploited, could have led to leakage of New Technology LAN Manager NTLM hashes. "The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server's local us...

8.8CVSS7.4AI score0.11709EPSS
Exploits0
OSV
OSV
added 2024/09/20 6:51 p.m.13 views

GO-2024-3141 OPA for Windows has an SMB force-authentication vulnerability in github.com/open-policy-agent/opa

OPA for Windows has an SMB force-authentication vulnerability. Due to improper input validation, it allows a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions...

7.3CVSS6.7AI score0.00321EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/09/02 6:10 a.m.18 views

CVE-2024-8260

An SMB force-authentication vulnerability exists in all versions of OPA. The vulnerability exists due to improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or one of the OPA Go library’s functions. Mitigation Mitigation for...

6.1CVSS6.2AI score0.00321EPSS
Exploits0References4
OSV
OSV
added 2024/08/30 3:31 p.m.9 views

GHSA-C77R-FH37-X2PX OPA for Windows has an SMB force-authentication vulnerability

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...

6.1CVSS6.7AI score0.00321EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/08/30 3:31 p.m.20 views

OPA for Windows has an SMB force-authentication vulnerability

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...

7.3CVSS7.1AI score0.00321EPSS
Exploits0References6Affected Software1
Wolfi
Wolfi
added 2024/08/30 3:31 p.m.74 views

GHSA-C77R-FH37-X2PX vulnerabilities

Vulnerabilities for packages: snyk-cli, kubescape, zarf, spire-server, cosign, opa, k8sgpt, conftest, datadog-agent, policy-controller, tfsec, kots, zot...

6.1AI score
Exploits0
NVD
NVD
added 2024/08/30 1:15 p.m.30 views

CVE-2024-8260

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...

7.3CVSS0.00321EPSS
Exploits0References1
Chainguard
Chainguard
added 2024/08/30 1:15 p.m.10 views

CVE-2024-8260 vulnerabilities

Vulnerabilities for packages: k8sgpt, policy-controller-fips, kubescape, kyverno-fips, datadog-agent, cosign-fips, conftest, kyverno, gatekeeper, zot, zarf, cosign, kots, opa, gatekeeper-fips, spire-server-fips, spire-server, policy-controller, datadog-agent-fips, tfsec, snyk-cli, conftest-fips...

7.3CVSS6.7AI score0.00321EPSS
Exploits0
Wolfi
Wolfi
added 2024/08/30 1:15 p.m.56 views

CVE-2024-8260 vulnerabilities

Vulnerabilities for packages: snyk-cli, kubescape, zarf, spire-server, cosign, opa, k8sgpt, conftest, datadog-agent, policy-controller, tfsec, kots, zot...

7.3CVSS6.7AI score0.00321EPSS
Exploits0
Cvelist
Cvelist
added 2024/08/30 12:22 p.m.37 views

CVE-2024-8260 OPA SMB Force-Authentication

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...

6.1CVSS0.00321EPSS
Exploits0References1
CVE
CVE
added 2024/08/30 12:22 p.m.295 views

CVE-2024-8260

Technical details for CVE-2024-8260 are not publicly available in the provided connected documents. The initial description mentions OPA on Windows and an SMB force-authentication issue, but no concrete affected versions, impact, exploit data, or fixes are given here. Monitor for updates.

7.3CVSS6.8AI score0.00321EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/30 12:22 p.m.25 views

CVE-2024-8260 OPA SMB Force-Authentication

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...

6.1CVSS7AI score0.00321EPSS
Exploits0References1
OSV
OSV
added 2024/08/30 12:22 p.m.15 views

CVE-2024-8260 OPA SMB Force-Authentication

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...

6.1CVSS7.1AI score0.00321EPSS
Exploits0References4
Rows per page
Query Builder