DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-8QQM-FP2Q-V734: GHSA-8QQM-FP2Q-V734: Authorization Bypass in Skipper's Open Policy Agent Integration

GHSA-8QQM-FP2Q-V734: Authorization Bypass in Skipper's Open Policy Agent Integration

Vulnerability ID: GHSA-8QQM-FP2Q-V734
CVSS Score: 8.2
Published: 2026-07-17

An authorization bypass vulnerability in the Open Policy Agent (OPA) integration of the Skipper HTTP router allows unauthenticated remote attackers to bypass OPA policy inspection. When an incoming HTTP request declares a Content-Length exceeding Skipper's configured maxBodyBytes limit, Skipper bypasses body parsing and forwards an empty document to OPA, while transmitting the full, uninspected payload intact to the upstream backend.

TL;DR

Oversized HTTP request bodies skip Skipper's OPA inspection filter but are still forwarded intact to backend microservices, causing deny-on-presence authorization checks to fail open.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-863
  • Attack Vector: Network
  • CVSS Score: 8.2
  • Exploit Status: PoC Available
  • Affected Component: filters/openpolicyagent
  • Fixed Version: v0.27.26

Affected Systems

  • Skipper Ingress Controller / Proxy

Code Analysis

Commit: 3152f3b

Fix: security opa authz bypass (#4041)

Mitigation Strategies

  • Upgrade Skipper to version 0.27.26 or later.
  • Explicitly update OPA Rego policies to fail-closed when input.attributes.request.http.truncated_body is true.

Remediation Steps:

  1. 1. Locate all ingress and routing policies utilizing OPA request body verification filter.
  2. 2. Implement package updates to Skipper v0.27.26 within your orchestrator deployment manifest.
  3. 3. Modify active OPA policies to evaluate the truncated_body property and deny requests when truncation occurs.
  4. 4. Deploy updated policies to OPA decision endpoints and perform verification testing using oversized requests.

References


Read the full report for GHSA-8QQM-FP2Q-V734 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)