Lucene search
K

4 matches found

OSV
OSV
added 2024/08/09 9:16 p.m.12 views

CVE-2024-42473 OpenFGA Authorization Bypass

OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses but not and from expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. As...

7.5CVSS6.6AI score0.00527EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/09 9:16 p.m.25 views

CVE-2024-42473 OpenFGA Authorization Bypass

OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses but not and from expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. As...

7.5CVSS0.00527EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/09 9:16 p.m.19 views

CVE-2024-42473 OpenFGA Authorization Bypass

OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses but not and from expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. As...

7.5CVSS7.6AI score0.00527EPSS
Exploits0References1
CVE
CVE
added 2024/08/09 9:16 p.m.97 views

CVE-2024-42473

OpenFGA OpenFGA v1.5.7 and v1.5.8 are affected by an authorization bypass in the Check API when using a model with the expressions but not and from in a userset. downgraded to v1.5.6 is advised (backward compatible). At time of publication, no patch was available, though maintainers planned a pat...

9.8CVSS7.6AI score0.00527EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder