Vulnerabilities > Openpolicyagent

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-8260 Authentication Bypass by Capture-replay vulnerability in Openpolicyagent Open Policy Agent
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0.
local
low complexity
openpolicyagent CWE-294
7.3
2022-09-08 CVE-2022-36085 Unspecified vulnerability in Openpolicyagent Open Policy Agent
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
network
low complexity
openpolicyagent
critical
9.8
2022-06-30 CVE-2022-33082 Unspecified vulnerability in Openpolicyagent Open Policy Agent
An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.
network
low complexity
openpolicyagent
7.5
2022-05-19 CVE-2022-28946 Unspecified vulnerability in Openpolicyagent Open Policy Agent 0.39.0
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.
network
low complexity
openpolicyagent
7.5
2022-02-09 CVE-2022-23628 Unspecified vulnerability in Openpolicyagent Open Policy Agent
OPA is an open source, general-purpose policy engine.
network
low complexity
openpolicyagent
5.3
2021-11-17 CVE-2021-43979 Always-Incorrect Control Flow Implementation vulnerability in Openpolicyagent Gatekeeper
Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control.
network
low complexity
openpolicyagent CWE-670
5.3