Lucene search
K

170 matches found

CBLMariner
CBLMariner
added 2024/07/23 10:5 p.m.12 views

CVE-2024-24786 affecting package opa for versions less than 0.63.0-1

CVE-2024-24786 affecting package opa for versions less than 0.63.0-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS6.8AI score0.01262EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/07/23 10:5 p.m.21 views

CVE-2023-45288 affecting package opa for versions less than 0.63.0-1

CVE-2023-45288 affecting package opa for versions less than 0.63.0-1. A patched version of the package is available...

7.5CVSS7.8AI score0.91969EPSS
Exploits1
CBLMariner
CBLMariner
added 2024/07/23 10:5 p.m.17 views

CVE-2023-45142 affecting package opa for versions less than 0.63.0-1

CVE-2023-45142 affecting package opa for versions less than 0.63.0-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS7.7AI score0.01364EPSS
Exploits0
Veracode
Veracode
added 2024/07/16 5:50 a.m.13 views

Information Disclosure

fastapi-opa is vulnerable to Information Disclosure. The vulnerability is due to lack of authentication enforcement for HTTP OPTIONS requests by OpaMiddleware, allowing an unauthenticated attacker to determine the existence of entities within the application based on the responses to these reques...

5.8CVSS7AI score0.00563EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/07/15 8:15 p.m.15 views

CVE-2024-40627

Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...

5.8CVSS0.00563EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/07/15 8:15 p.m.22 views

CVE-2024-40627

Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...

5.8CVSS5.8AI score0.00563EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/07/15 7:21 p.m.46 views

CVE-2024-40627 OpaMiddleware does not filter HTTP OPTIONS requests

Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...

5.8CVSS0.00563EPSS
Exploits0References3
CVE
CVE
added 2024/07/15 7:21 p.m.65 views

CVE-2024-40627

CVE-2024-40627 concerns the Fastapi-OPA OpaMiddleware, which incorrectly allows unauthenticated HTTP OPTIONS requests by bypassing policy evaluation. This can enable an unauthenticated attacker to infer entity existence based on responses, potentially leaking information about writable entities. ...

5.8CVSS5.5AI score0.00563EPSS
Exploits0References3
OSV
OSV
added 2024/07/15 7:21 p.m.28 views

CVE-2024-40627 OpaMiddleware does not filter HTTP OPTIONS requests

Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...

5.8CVSS6.6AI score0.00563EPSS
Exploits0References5
OSV
OSV
added 2024/07/15 5:49 p.m.11 views

GHSA-5F5C-8RVC-J8WF OpaMiddleware does not filter HTTP OPTIONS requests

Summary HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. The maintainer uncertain whether this should be classed as a "bug" or "security issue" – but is erring on the side of "security issue" as an...

6.9CVSS5.5AI score0.00563EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2024/07/15 5:49 p.m.4 views

fastflows (>=0.1.0 <=0.1.2) potentially affected by CVE-2024-40627 via fastapi-opa (=1.4.8)

fastapi-opa PYPI version =1.4.8 is affected by a known vulnerability. The following packages have a transitive dependency on fastapi-opa and may be impacted: - fastflows =0.1.0, =0.1.2 Source cves: CVE-2024-40627 Source advisory: OSV:GHSA-5F5C-8RVC-J8WF...

5.8CVSS5.8AI score0.00563EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/07/15 5:49 p.m.24 views

OpaMiddleware does not filter HTTP OPTIONS requests

Summary HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. The maintainer uncertain whether this should be classed as a "bug" or "security issue" – but is erring on the side of "security issue" as an...

5.8CVSS6.6AI score0.00563EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/15 12:0 a.m.5 views

PT-2024-28950

Name of the Vulnerable Software and Affected Versions Fastapi OPA versions prior to 2.0.1 Description The issue allows unauthenticated attackers to discover which entities exist within an application by sending HTTP OPTIONS requests. This is because OpaMiddleware allows all HTTP OPTIONS requests...

6.9CVSS5.9AI score0.00563EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.35 views

CBL Mariner 2.0 Security Update: cri-tools / docker-buildx / kubernetes / opa / prometheus (CVE-2023-45142)

The version of cri-tools / docker-buildx / kubernetes / opa / prometheus installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45142 advisory. - OpenTelemetry-Go Contrib is a collection of third-party...

7.5CVSS7.9AI score0.01364EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2024/06/12 10:23 p.m.15 views

CVE-2023-45288 affecting package opa for versions less than 0.63.0-2

CVE-2023-45288 affecting package opa for versions less than 0.63.0-2. A patched version of the package is available...

7.5CVSS7AI score0.91969EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/04/23 12:0 a.m.29 views

CBL Mariner 2.0 Security Update: azcopy / blobfuse2 / cert-manager / cf-cli (CVE-2024-24786)

The version of azcopy / blobfuse2 / cert-manager / cf-cli installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24786 advisory. - The protojson.Unmarshal function can enter an infinite loop when...

7.5CVSS6.9AI score0.01262EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2024/04/10 9:48 p.m.15 views

CVE-2024-24786 affecting package opa for versions less than 0.63.0-1

CVE-2024-24786 affecting package opa for versions less than 0.63.0-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS6.1AI score0.01262EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/04/10 9:48 p.m.13 views

CVE-2023-45142 affecting package opa for versions less than 0.63.0-1

CVE-2023-45142 affecting package opa for versions less than 0.63.0-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS7.8AI score0.01364EPSS
Exploits0
OSV
OSV
added 2024/04/04 9:15 p.m.10 views

AZL-38941 CVE-2023-45288 affecting package opa for versions less than 0.63.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 9:15 p.m.16 views

AZL-39571 CVE-2023-45288 affecting package opa for versions less than 0.63.0-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
Rows per page
Query Builder