CVE-2022-39340
CVE-2022-39340 affects the OpenFGA authorization engine. Prior to version 0.2.4, the streaming endpoint streamed-list-objects did not validate the Authorization header, allowing disclosure of objects in the store. Affected: OpenFGA 0.2.3 and earlier, especially when exposed to the internet. Impac...