Skip to main content

Open Policy Agent

4 CVEs product

Monthly

CVE-2024-8260 Go HIGH PATCH This Week

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Open Policy Agent
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2022-36085 Go CRITICAL POC PATCH Act Now

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Open Policy Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-33082 Go HIGH POC PATCH This Week

An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Policy Agent
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-28946 Go HIGH PATCH This Week

An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Open Policy Agent
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
EPSS 0% CVSS 7.3
HIGH PATCH This Week

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Open Policy Agent
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Open Policy Agent
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Policy Agent
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Open Policy Agent
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy