Lucene search
K

323 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:23 p.m.4 views

CVE-2022-39342

OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset the right hand side of a ‘from’ statement that involves anything other than a direct relationship...

9.8CVSS9.3AI score0.00859EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:23 p.m.4 views

CVE-2022-39341

OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue...

9.8CVSS9.3AI score0.00859EPSS
Exploits0References1
NVD
NVD
added 2025/05/22 11:15 p.m.45 views

CVE-2025-48371

OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected...

8.8CVSS0.00408EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/22 10:20 p.m.8 views

CVE-2025-48371 OpenFGA Authorization Bypass

OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected...

5.8CVSS6.5AI score0.00408EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/22 10:20 p.m.18 views

CVE-2025-48371 OpenFGA Authorization Bypass

OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected...

5.8CVSS0.00408EPSS
Exploits0References2
CVE
CVE
added 2025/05/22 10:20 p.m.233 views

CVE-2025-48371

OpenFGA Open Authorization bypass (CVE-2025-48371) affects versions 1.8.0–1.8.12 of OpenFGA (and corresponding Helm/dockers) where certain Check and ListObjects calls can bypass access controls under specific conditions involving relationships that can be publicly assigned and usersets, contextua...

8.8CVSS6.6AI score0.00408EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2025/05/22 10:20 p.m.9 views

CVE-2025-48371 OpenFGA Authorization Bypass

OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected...

5.8CVSS6.5AI score0.00408EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 p.m.6 views

CVE-2022-39340

OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the streamed-list-objects endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users openfga/openfga versions 0.2.3 and prior who are exposing the OpenFGA service to the intern...

5.3CVSS6.8AI score0.00672EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 p.m.9 views

CVE-2022-39352

OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...

9.8CVSS6.6AI score0.0042EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/22 12:0 a.m.6 views

PT-2025-22567 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.8.0 through 1.8.12 Description: OpenFGA is an authorization/permission engine. The issue arises when certain Check and ListObject calls are executed under specific conditions. These conditions include: calling Check API or...

5.8CVSS6.1AI score0.00408EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/05/22 12:0 a.m.5 views

OpenFGA 授权问题漏洞

OpenFGA is OpenFGA open source a high performance and flexible authorization/licensing engine built for developers and inspired by Google Zanzibar. An authorization issue vulnerability exists in OpenFGA versions 1.8.0 through 1.8.12, which stems from specific Check and ListObject calls that could...

5.8CVSS6.3AI score0.00408EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/05/21 12:45 a.m.4 views

SUSE CVE-2025-46331

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...

9.8CVSS6.9AI score0.00327EPSS
Exploits0References3
OSV
OSV
added 2025/05/15 8:0 p.m.17 views

GO-2025-3657 OpenFGA Authorization Bypass in github.com/openfga/openfga

OpenFGA Authorization Bypass in github.com/openfga/openfga...

9.8CVSS6.7AI score0.00327EPSS
Exploits0References3
Veracode
Veracode
added 2025/05/09 6:30 a.m.14 views

Authorization Bypass

github.com/openfga/openfga is vulnerable to authorization bypass. The vulnerability is due to improper handling of certain Check and ListObject calls, allowing unauthorized access to restricted resources...

9.8CVSS6.7AI score0.00327EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/02 7:16 p.m.18 views

CVE-2025-46331

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...

5.8CVSS6.9AI score0.00327EPSS
Exploits0References1
NVD
NVD
added 2025/04/30 7:15 p.m.43 views

CVE-2025-46331

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...

9.8CVSS0.00327EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/30 6:27 p.m.10 views

CVE-2025-46331 OpenFGA Authorization Bypass

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...

5.8CVSS6.5AI score0.00327EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/30 6:27 p.m.48 views

CVE-2025-46331 OpenFGA Authorization Bypass

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...

5.8CVSS0.00327EPSS
Exploits0References2
OSV
OSV
added 2025/04/30 6:27 p.m.12 views

CVE-2025-46331 OpenFGA Authorization Bypass

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...

5.8CVSS9AI score0.00327EPSS
Exploits0References4
CVE
CVE
added 2025/04/30 6:27 p.m.210 views

CVE-2025-46331

OpenFGA vulnerability CVE-2025-46331 affects OpenFGA v1.8.10 through v1.3.6 (Helm chart <= openfga-0.2.28, docker

9.8CVSS6.6AI score0.00327EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder