4 matches found
CVE-2024-42473 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses but not and from expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. As...
CVE-2024-42473 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses but not and from expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. As...
CVE-2024-42473 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses but not and from expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. As...
CVE-2024-42473
OpenFGA OpenFGA v1.5.7 and v1.5.8 are affected by an authorization bypass in the Check API when using a model with the expressions but not and from in a userset. downgraded to v1.5.6 is advised (backward compatible). At time of publication, no patch was available, though maintainers planned a pat...