CVE-2024-8260

HIGH EPSS 23.8%
Published Aug 30, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
7.3 CVSS 3.1
High

Description

An SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to the OPA CLI or to one of the OPA Go library’s functions.

CVSS Details

Base Score: 7.3
Exploitability: 1.3
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability
23.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-294

Affected Products 2

Vendor            Product              Version   Range
openpolicyagent   open_policy_agent    *         <0.68.0
microsoft         windows              *         any

References 1

  • tenable.com https://www.tenable.com/security/research/tra-2024-36
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.