3 matches found
CVE-2023-40579
creationtimestamp| type| source ---|---|--- 2023-08-26 00:14:22+00:00| seen| https://t.me/cibsecurity/69210...
CVE-2023-40579 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using ListObjects with specific models. The...
CVE-2023-40579
OpenFGA OpenFGA v1.3.0 and earlier contains an authorization bypass in the ListObjects API when models include expressions of type rel1 from type1. The root cause is mis-evaluation of results for ListObjects under those models, enabling access to unauthorized objects. The issue has been fixed in ...