Lucene search

12 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-1231

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.2 · EPSS 0.00303
Exploits: 0 · References: 5

RedhatCVE
added 2025/05/23 10:12 a.m. · 5 views

CVE-2024-32001

SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: relation folder: folder | folder#parent with an arrow such as folder->view can cause LookupSubjects to only return the subjects found under subjects for either folder or...

CVSS 4.3 · AI score 3.6 · EPSS 0.00303
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:59 a.m. · 6 views

CVE-2023-35930

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected. For example, using LookupResources...

CVSS 5.3 · AI score 6.6 · EPSS 0.00172
Exploits: 0 · References: 1

NVD
added 2024/04/10 11:15 p.m. · 10 views

CVE-2024-32001

SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: relation folder: folder | folder#parent with an arrow such as folder->view can cause LookupSubjects to only return the subjects found under subjects for either folder or...

CVSS 4.3 · AI score 3.5 · EPSS 0.00303
Exploits: 0 · References: 3

OSV
added 2024/04/10 10:25 p.m. · 14 views

GHSA-J85Q-46HG-36P2 SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used

Background: Use of a relation of the form: relation folder: folder | folder#parent with an arrow such as folder->view can cause LookupSubjects to only return the subjects found under subjects for either folder or folder#parent. This bug only manifests if the same subject type is used multiple types i...

CVSS 2.2 · AI score 3.4 · EPSS 0.00303
Exploits: 0 · References: 5

CVE
added 2024/04/10 10:25 p.m. · 285 views

CVE-2024-32001

Summary: CVE-2024-32001 affects SpiceDB. A bug in relations of the form folder: folder | folder#parent, when the same subject type is used multiple times and an arrow is used over the relation, can cause LookupSubjects to return only a subset of subjects. This affects any user making a negative a...

CVSS 4.3 · AI score 3.7 · EPSS 0.00303
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/06/28 10:48 p.m. · 36 views

GHSA-M54H-5X5F-5M6R SpiceDB's LookupResources may return partial results

Impact: Any user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected. For example, using LookupResources to find a list of resources to allow access to be okay: some subjects that should have access to a resource may not. But if using...

CVSS 3.7 · AI score 4.6 · EPSS 0.00172
Exploits: 0 · References: 5

NVD
added 2023/06/26 8:15 p.m. · 9 views

CVE-2023-35930

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected. For example, using LookupResources...

CVSS 5.3 · AI score 4.4 · EPSS 0.00172
Exploits: 0 · References: 2

Prion
added 2023/06/26 8:15 p.m. · 17 views

Authorization

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected. For example, using LookupResources...

CVSS 5 · AI score 5.1 · EPSS 0.00172
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/06/26 7:32 p.m. · 27 views

CVE-2023-35930

SpiceDB's LookupResources may return partial results in v1.22.0, allowing some subjects to slip through or be incorrectly denied. The root cause is using LookupResources for negative authorization decisions. Upgrade to v1.22.2 to patch the issue, or avoid using LookupResources for negative decisi...

CVSS 5.3 · AI score 4.5 · EPSS 0.00172
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/06/26 7:32 p.m. · 11 views

CVE-2023-35930 LookupResources may return partial results in spicedb

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected. For example, using LookupResources...

CVSS 3.7 · AI score 5.3 · EPSS 0.00172
Exploits: 0 · References: 4

Positive Technologies
added 2023/06/26 12:0 a.m. · 2 views

PT-2023-25388 · Spicedb · Spicedb

Name of the Vulnerable Software and Affected Versions: SpiceDB version 1.22.0 Description: The issue affects users making negative authorization decisions based on the results of a LookupResources request. This can lead to incorrect access control, where some subjects may not have access to...

CVSS 5.3 · AI score 7.2 · EPSS 0.00172
Exploits: 0 · References: 9