CVE-2024-8260

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 30, 2024
Updated: Sep 3, 2024
CWE ID 294

Summary

CVE-2024-8260 is a vulnerability affecting all versions of OPA for Windows prior to v0.68.0, resulting from improper input validation that allows arbitrary SMB shares to be passed as arguments. This flaw has a medium severity rating with a CVSS score of 6.1, and it primarily impacts confidentiality, posing a high risk if exploited. To remediate this vulnerability, organizations are advised to upgrade to OPA version 0.68.0 or later to ensure proper input validation is enforced. The exploit requires low privileges and user interaction, making it more manageable for an attacker but still poses a potential threat to data security within affected systems. The vulnerability falls under the category of authentication bypass by capture-replay (CWE-294).

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share