Source: NVD (NVD:CVE-2023-45810)
History: Oct 17, 2023 - 11:15 p.m.

CVE-2023-45810

Date: 2023-10-17 23:15:12
Weakness: CWE-400
Reporter: web.nvd.nist.gov
Tags: openfga, denial of service, version 1.3.4, backward compatible, vulnerability

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 5.9
Confidence: High
EPSS: 0.001
Percentile: 23.7%

OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of ListObjects calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability.

Affected configurations

Nvd
Node:
  Vendor: openfga
  Product: openfga
  Range: < 1.3.4

Vendor   Product   Version   CPE
openfga  openfga   *         cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*
