DirectorySecurity Advisories
Sign In
Security Advisories

CGA-2j3j-4mm5-fpm7

Published

Last updated

https://images.chainguard.dev/security/CGA-2j3j-4mm5-fpm7
Package

cosign

Latest Update
Fixed
Fixed Version

2.4.0-r4

Aliases
  • CVE-2024-8260
  • GHSA-c77r-fh37-x2px

Severity

6.1

Medium

CVSS V3

Summary

OPA for Windows has an SMB force-authentication vulnerability

Description

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images