8 matches found
CVE-2025-64751
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 (openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable to improper policy enforcement when certain Check and...
SUSE CVE-2025-64751
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 (openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable to improper policy enforcement when certain Check and...
Improper Authorization
Overview: Affected versions of this package are vulnerable to Improper Authorization via certain Check and ListObject calls. An attacker can gain unauthorized access to resources by exploiting improper enforcement of access policies when a relation is directly assignable by a type bound public...
CVE-2025-55213 OpenFGA Authorization Bypass (Check)
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 (openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and...
CVE-2025-55213 OpenFGA Authorization Bypass (Check)
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 (openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and...
CVE-2025-55213 OpenFGA Authorization Bypass (Check)
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 (openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and...
CVE-2025-55213
OpenFGA is affected by an Authorization Bypass vulnerability in which improper policy enforcement occurs during certain Check and ListObject calls. Affected versions are OpenFGA v1.9.3 to v1.9.4 (including openfga-0.2.40 to 0.2.41 and docker/v1.9.4). The issue is fixed in v1.9.5. Impact is descri...
Authentication Bypass by Primary Weakness
Overview: Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to improper handling of certain Check and ListObject calls. An attacker can bypass authorization controls by exploiting these calls. Note: This is only exploitable if Check API or ListObject...