FKIE_CVE-2022-36085

Vulnerability from fkie_nvd - Published: 2022-09-08 14:15 - Updated: 2024-11-21 07:12
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found, where the use of the `with` keyword to mock such a built-in function (a feature introduced in OPA v0.40.0), isn’t taken into account by `WithUnsafeBuiltins`. Multiple conditions need to be met in order to create an adverse effect. Version 0.43.1 contains a patch for this issue. As a workaround, avoid using the `WithUnsafeBuiltins` function and use the `capabilities` feature instead.
References
security-advisories@github.comhttps://github.com/open-policy-agent/opa/commit/25a597bc3f4985162e7f65f9c36599f4f8f55823Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/open-policy-agent/opa/commit/3e8c754ed007b22393cf65e48751ad9f6457fee8Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/open-policy-agent/opa/pull/4540Exploit, Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/open-policy-agent/opa/pull/4616Exploit, Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/open-policy-agent/opa/releases/tag/v0.43.1Third Party Advisory
security-advisories@github.comhttps://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjrExploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/open-policy-agent/opa/commit/25a597bc3f4985162e7f65f9c36599f4f8f55823Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/open-policy-agent/opa/commit/3e8c754ed007b22393cf65e48751ad9f6457fee8Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/open-policy-agent/opa/pull/4540Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/open-policy-agent/opa/pull/4616Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/open-policy-agent/opa/releases/tag/v0.43.1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjrExploit, Patch, Third Party Advisory
Impacted products
Vendor Product Version
openpolicyagent open_policy_agent *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openpolicyagent:open_policy_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24044142-C7B3-4994-9F36-5ED0299C8E5B",
              "versionEndExcluding": "0.43.1",
              "versionStartIncluding": "0.40.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function, which allows users to provide a set of built-in functions that should be deemed unsafe \u2014 and as such rejected \u2014 by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found, where the use of the `with` keyword to mock such a built-in function (a feature introduced in OPA v0.40.0), isn\u2019t taken into account by `WithUnsafeBuiltins`. Multiple conditions need to be met in order to create an adverse effect. Version 0.43.1 contains a patch for this issue. As a workaround, avoid using the `WithUnsafeBuiltins` function and use the `capabilities` feature instead."
    },
    {
      "lang": "es",
      "value": "Open Policy Agent (OPA) es un motor de pol\u00edticas de prop\u00f3sito general de c\u00f3digo abierto.\u0026#xa0;El compilador de Rego proporciona una funci\u00f3n \"WithUnsafeBuiltins\" (en desuso), que permite a usuarios proporcionar un conjunto de funciones integradas que el compilador deber\u00eda considerar inseguras y, como tales, rechazarlas si son encontradas en la etapa de compilaci\u00f3n de pol\u00edticas. .\u0026#xa0;Se ha encontrado una omisi\u00f3n de esta protecci\u00f3n, en la que \"WithUnsafeBuiltins\" no es tenido en cuenta el uso de la palabra clave \"with\" para simular una funci\u00f3n integrada de este tipo (una caracter\u00edstica introducida en OPA v0.40.0).\u0026#xa0;Deben cumplirse m\u00faltiples condiciones para crear un efecto adverso.\u0026#xa0;La versi\u00f3n 0.43.1 contiene un parche para este problema.\u0026#xa0;Como mitigaci\u00f3n, evite usar la funci\u00f3n \"WithUnsafeBuiltins\" y use la funcionalidad \"capabilities\" en su lugar"
    }
  ],
  "id": "CVE-2022-36085",
  "lastModified": "2024-11-21T07:12:21.110",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-08T14:15:08.340",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/open-policy-agent/opa/commit/25a597bc3f4985162e7f65f9c36599f4f8f55823"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/open-policy-agent/opa/commit/3e8c754ed007b22393cf65e48751ad9f6457fee8"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/open-policy-agent/opa/pull/4540"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/open-policy-agent/opa/pull/4616"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/open-policy-agent/opa/releases/tag/v0.43.1"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/open-policy-agent/opa/commit/25a597bc3f4985162e7f65f9c36599f4f8f55823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/open-policy-agent/opa/commit/3e8c754ed007b22393cf65e48751ad9f6457fee8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/open-policy-agent/opa/pull/4540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/open-policy-agent/opa/pull/4616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/open-policy-agent/opa/releases/tag/v0.43.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-693"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.