3 matches found
CVE-2023-35930
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected. For example, using LookupResources...
CVE-2023-35930
SpiceDB's LookupResources may return partial results in v1.22.0, allowing some subjects to slip through or be incorrectly denied. The root cause is using LookupResources for negative authorization decisions. Upgrade to v1.22.2 to patch the issue, or avoid using LookupResources for negative decisi...
CVE-2023-35930 LookupResources may return partial results in spicedb
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected. For example, using LookupResources...